On Wed, Jan 04, 2006 at 05:28:38PM +0100, Joachim Schipper wrote:
> There was a phpBB2 in one of the paths used. If you have phpBB enabled
> somewhere, that's a likely attack vector.
> 

I noticed that too. phpBB has been used for many sorts of tricks.

The ISP that I work for scans for it and support follow a procedure to
warn the customer that it has been disabled. (chmod)

An easy way is to change:

AddType application/x-httpd-php .php

to:

AddType application/x-httpd-php .phtml

Most php packages come with .php files, and people that use them usually
don't have the nouse to alter all the files and links throughout the
package.

Craig.
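
The scan-and-chmod procedure described in the message above, sketched as an added example (not part of the original e-mail and not the ISP's actual tooling). The marker files used to recognise phpBB, the function names and mode 000 are assumptions.

```shell
#!/bin/sh
# Added example: find phpBB installs under a web root, optionally disable them.

# Print every directory under $1 that looks like a phpBB install.
# Assumed markers: viewtopic.php plus includes/constants.php in the same tree.
find_phpbb() {
    find "$1" -type f -name viewtopic.php 2>/dev/null |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        if [ -f "$dir/includes/constants.php" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Disable one install by removing all permissions on its directory.
# Mode 000 is an assumption; the message only says "chmod".
disable_dir() {
    chmod 000 "$1"
}

# Constructed sample docroot: one phpBB-like tree and one look-alike
# that has viewtopic.php but no includes/constants.php.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/forum/includes" "$t/bob/blog"
    : > "$t/alice/forum/viewtopic.php"
    : > "$t/alice/forum/includes/constants.php"
    : > "$t/bob/blog/viewtopic.php"
    printf '%s\n' "$t"
}

# Usage: sh scan.sh /var/www            (report only)
#        sh scan.sh /var/www disable    (report, then chmod each hit)
if [ -n "${1:-}" ]; then
    # Collect all hits first so chmod does not interfere with the walk.
    found=$(find_phpbb "$1")
    printf '%s\n' "$found" | while IFS= read -r d; do
        if [ -n "$d" ]; then
            echo "phpBB found: $d"
            if [ "${2:-}" = "disable" ]; then disable_dir "$d"; fi
        fi
    done
fi
```

Run it in report-only mode first and review the list before passing `disable`, so the customer notice can go out alongside the change.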
