 ID:               22728
 Updated by:       [EMAIL PROTECTED]
 Reported By:      ChristianMoore at attbi dot com
-Status:           Open
+Status:           Bogus
-Bug Type:         Unknown/Other Function
+Bug Type:         CGI related
 Operating System: Windows .NET Server 2003 AdvSrv
 PHP Version:      4.3.0
 New Comment:

So someone is using your php.exe. Check this manual page:

http://www.php.net/manual/en/security.php


Previous Comments:
------------------------------------------------------------------------

[2003-03-15 09:40:24] ChristianMoore at attbi dot com

My scripts do not make any attempts to access these domains. So that's not the problem.

------------------------------------------------------------------------

[2003-03-15 09:24:46] [EMAIL PROTECTED]

Either your scripts are deliberately accessing the network using something like fopen("http://...."), or your scripts are insecure and are allowing hackers to do that.

This is not a bug in PHP; please check your scripts, and re-read the security section of the PHP manual.

------------------------------------------------------------------------

[2003-03-15 07:55:38] ChristianMoore at attbi dot com

I use PHP on my site at www.psychosematic.com. For some reason, php.exe is trying to access the web, and it has nothing to do with my site. My firewall logged these actions, performed by php.exe:

File Version :
File Description : C:\php\php.exe
File Path : C:\php\php.exe
Process ID : 283C (Heximal) 10300 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.1.100
Local Port : 3216
Remote Name : www.ironmaiden.com
Remote Address : 213.86.54.15
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 62)
  Destination: 00-04-5a-e9-5a-17
  Source: 00-03-6d-11-12-fc
  Type: IP (0x0800)
Internet Protocol
  Version: 4
  Header Length: 20 bytes
  Flags:
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
  Fragment offset:0
  Time to live: 64
  Protocol: 0x6 (TCP - Transmission Control Protocol)
  Header checksum: 0x1d7b (Correct)
  Source: 192.168.1.100
  Destination: 213.86.54.15
Transmission Control Protocol (TCP)
  Source port: 3216
  Destination port: 80
  Sequence number: 3479013436
  Acknowledgment number: 0
  Header length: 28
  Flags:
    0... .... = Congestion Window Reduce (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
  Checksum: 0x3311 (Correct)
  Data (0 Bytes)

Binary dump of the packet:
0000: 00 04 5A E9 5A 17 00 03 : 6D 11 12 FC 08 00 45 00 | ..Z.Z...m.....E.
0010: 00 30 F2 38 40 00 40 06 : 7B 1D C0 A8 01 64 D5 56 | .0.8@.@.{....d.V
0020: 36 0F 0C 90 00 50 CF 5D : 88 3C 00 00 00 00 70 02 | 6....P.].<....p.
0030: 40 00 11 33 00 00 02 04 : 05 B4 01 01 04 02       | @..3..........

File Version :
File Description : C:\php\php.exe
File Path : C:\php\php.exe
Process ID : 2B40 (Heximal) 11072 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.1.100
Local Port : 3256
Remote Name : www.aimoo.com
Remote Address : 216.38.143.13
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 62)
  Destination: 00-04-5a-e9-5a-17
  Source: 00-03-6d-11-12-fc
  Type: IP (0x0800)
Internet Protocol
  Version: 4
  Header Length: 20 bytes
  Flags:
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
  Fragment offset:0
  Time to live: 64
  Protocol: 0x6 (TCP - Transmission Control Protocol)
  Header checksum: 0x8014 (Correct)
  Source: 192.168.1.100
  Destination: 216.38.143.13
Transmission Control Protocol (TCP)
  Source port: 3256
  Destination port: 80
  Sequence number: 74775255
  Acknowledgment number: 0
  Header length: 28
  Flags:
    0... .... = Congestion Window Reduce (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
  Checksum: 0x8b0d (Correct)
  Data (0 Bytes)

Binary dump of the packet:
0000: 00 04 5A E9 5A 17 00 03 : 6D 11 12 FC 08 00 45 00 | ..Z.Z...m.....E.
0010: 00 30 FD 07 40 00 40 06 : 14 80 C0 A8 01 64 D8 26 | .0..@.@......d.&
0020: 8F 0D 0C B8 00 50 04 74 : FA D7 00 00 00 00 70 02 | .....P.t......p.
0030: 40 00 0D 8B 00 00 02 04 : 05 B4 01 01 04 02       | @.............

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=22728&edit=1
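
To cross-check the firewall's decoded fields against the raw bytes, the first binary dump in the report (the www.ironmaiden.com entry) can be decoded independently. This is an added example, not part of the original bug report or of PHP; the function names are hypothetical and the bytes are copied from the report's dump.

```python
import struct

# Hex bytes of the first "Binary dump of the packet" in the report,
# with the offset and ASCII columns dropped.
DUMP = """
00 04 5A E9 5A 17 00 03 6D 11 12 FC 08 00 45 00
00 30 F2 38 40 00 40 06 7B 1D C0 A8 01 64 D5 56
36 0F 0C 90 00 50 CF 5D 88 3C 00 00 00 00 70 02
40 00 11 33 00 00 02 04 05 B4 01 01 04 02
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def parse_dump(text: str) -> bytes:
    """Turn whitespace-separated hex pairs into raw frame bytes."""
    return bytes.fromhex("".join(text.split()))

def ipv4_checksum_ok(header: bytes) -> bool:
    """One's-complement sum over the header (checksum included) must fold to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Decode an Ethernet II / IPv4 / TCP frame into the fields needed for triage."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, = struct.unpack("!H", ip[2:4])
    if ip[0] >> 4 != 4 or ip[9] != 6 or total_len > len(ip):
        raise ValueError("not a complete IPv4/TCP packet")
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4              # TCP header length incl. options
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "payload_len": len(tcp) - data_off,
        "ip_checksum_ok": ipv4_checksum_ok(ip[:ihl]),
    }

if __name__ == "__main__":
    print(decode_frame(parse_dump(DUMP)))
```

A bare SYN with no payload confirms only that the host initiated a connection to port 80; which script or request caused it has to come from the web server's access logs for the same timestamps.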