[PHP] Possible My Website was hacked... with PHP... please tell me what this is??? http://marc.theaimsgroup.com/?t=105963160300003&r=1&w=2
P.S. to Hartmut Holzgraefe <[EMAIL PROTECTED]>: even funnier that he's using a root account for communication through Microsoft Outlook Express 6.00.2720.3000, and is worried about php file uploads On Thursday 31 July 2003 08:20 am, Hartmut Holzgraefe wrote: > Rasmus Lerdorf wrote: > > I suppose we could suck all the code from the UNIX 'file' command into > > PHP > > we already have ;) > > someone at HP already did that for apache and i wrapped it up in > ext/mime_magic > > > The only way to upload a file and then execute it is to know > > a little bit about the web server and upload specific file types the web > > server is configured to execute. > > maybe the request was also about client security? > (just guessing, hard to tell with no links to the mentioned > "bad publicity" in the original message ...) > > like maybe windows EXE files getting uploaded to galeries? > > sure, the application storing and providing the uploaded files *should* > check that stuff itself, but most probably wont ... :( > > what about some mechanism similar to your input filtering stuff that > operates on uploads so that it becomes possible to enforce sitewide > upload policies even in shared hosting environments using some sort > of hooks? > > PS to "skate" <[EMAIL PROTECTED]>: > funny that you are worried about php file uploads but not > about using the root account for communication ;) -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
