Re: [PHP] Re: Hack question

2008-04-18 Thread Jason Pruim
On Apr 18, 2008, at 3:53 PM, Eric Butera wrote: Time for beer! :D I second that! -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424-9337 www.raoset.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
Time for beer! :D

Re: [PHP] Re: Hack question

2008-04-18 Thread Jim Lucas
Eric Butera wrote: On Fri, Apr 18, 2008 at 3:19 PM, Jim Lucas <[EMAIL PROTECTED]> wrote: He is referring to the code that he finds at the top of a number of different files. That is the code that he showed us. I just thought that was the entire contents of the file. Double checking, I see

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
On Fri, Apr 18, 2008 at 3:19 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> He is referring to the code that he finds at the top of a number of
> different files. That is the code that he showed us.

I just thought that was the entire contents of the file.

Re: [PHP] Re: Hack question

2008-04-18 Thread Daniel Brown
On Fri, Apr 18, 2008 at 2:52 PM, Al <[EMAIL PROTECTED]> wrote:
> Progress. One of our designers uploaded an infected css file for his
> application. Thus every time the file is called, it's executed. The
> code appears to be md5 encoded. I'm going to reverse the coding to see what it
> does.

Re: [PHP] Re: Hack question

2008-04-18 Thread Daniel Brown
On Fri, Apr 18, 2008 at 2:01 PM, Eric Butera <[EMAIL PROTECTED]> wrote: > > I wasn't trying to step on your toes. It just didn't seem like the > point was getting across. :D Not at all, dude, I didn't take it that way. I appreciate it. Especially days like today where it seems like th

Re: [PHP] Re: Hack question

2008-04-18 Thread Jim Lucas
Eric Butera wrote: On Fri, Apr 18, 2008 at 2:59 PM, Jim Lucas <[EMAIL PROTECTED]> wrote: in the example code above that is injected into the top of the php scripts, the eval is evaluating the code that is read from the temp file, the temp file is never moved or renamed. Therefore it will be re

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
On Fri, Apr 18, 2008 at 2:59 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> in the example code above that is injected into the top of the php scripts,
> the eval is evaluating the code that is read from the temp file, the temp
> file is never moved or renamed. Therefore it will be removed when the

Re: [PHP] Re: Hack question

2008-04-18 Thread Jim Lucas
Eric Butera wrote: On Fri, Apr 18, 2008 at 12:58 PM, Jim Lucas <[EMAIL PROTECTED]> wrote: Eric Butera wrote: On Fri, Apr 18, 2008 at 12:22 PM, Al <[EMAIL PROTECTED]> wrote: I'm continuing to work on this. One thing that seems obvious. The code executes the script code, using eval(), direct

[PHP] Re: Hack question

2008-04-18 Thread Al
Progress. One of our designers uploaded an infected css file for his application. Thus every time the file is called, it's executed. The code appears to be md5 encoded. I'm going to reverse the coding to see what it does.

Al wrote: I'm still fighting my hack problem on one of my servers. Can

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
On Fri, Apr 18, 2008 at 12:54 PM, Daniel Brown <[EMAIL PROTECTED]> wrote: > > On Fri, Apr 18, 2008 at 12:42 PM, Eric Butera <[EMAIL PROTECTED]> wrote: > > On Fri, Apr 18, 2008 at 12:32 PM, Al <[EMAIL PROTECTED]> wrote: > > > I've not bothered to try and figure out where it came from because > h

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
On Fri, Apr 18, 2008 at 12:58 PM, Jim Lucas <[EMAIL PROTECTED]> wrote: > > Eric Butera wrote: > > > On Fri, Apr 18, 2008 at 12:22 PM, Al <[EMAIL PROTECTED]> wrote: > > > > > I'm continuing to work on this. > > > > > > One thing that seems obvious. The code executes the script code, using > > > eva

Re: [PHP] Re: Hack question

2008-04-18 Thread Jim Lucas
Eric Butera wrote: On Fri, Apr 18, 2008 at 12:22 PM, Al <[EMAIL PROTECTED]> wrote: I'm continuing to work on this. One thing that seems obvious. The code executes the script code, using eval(), directly from the /tmp dir. So the usual security tests we do prior to using move_uploaded_file() ar

Re: [PHP] Re: Hack question

2008-04-18 Thread Daniel Brown
On Fri, Apr 18, 2008 at 12:42 PM, Eric Butera <[EMAIL PROTECTED]> wrote:
> On Fri, Apr 18, 2008 at 12:32 PM, Al <[EMAIL PROTECTED]> wrote:
> > I've not bothered to try and figure out where it came from because hackers
> > spoof their ID anyhow.
>
> I meant the wide open flood gate on your system

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
On Fri, Apr 18, 2008 at 12:32 PM, Al <[EMAIL PROTECTED]> wrote:
> I've not bothered to try and figure out where it came from because hackers
> spoof their ID anyhow.

I meant the wide open flood gate on your system, not who did it.

Re: [PHP] Re: Hack question

2008-04-18 Thread Al
I've not bothered to try and figure out where it came from because hackers spoof their ID anyhow. Eric Butera wrote: On Fri, Apr 18, 2008 at 12:22 PM, Al <[EMAIL PROTECTED]> wrote: I'm continuing to work on this. One thing that seems obvious. The code executes the script code, using eval(),

Re: [PHP] Re: Hack question

2008-04-18 Thread Eric Butera
On Fri, Apr 18, 2008 at 12:22 PM, Al <[EMAIL PROTECTED]> wrote:
> I'm continuing to work on this.
>
> One thing that seems obvious. The code executes the script code, using
> eval(), directly from the /tmp dir. So the usual security tests we do prior
> to using move_uploaded_file() are useless.

[PHP] Re: Hack question

2008-04-18 Thread Al
I'm continuing to work on this. One thing that seems obvious. The code executes the script code, using eval(), directly from the /tmp dir. So the usual security tests we do prior to using move_uploaded_file() are useless. Al wrote: I'm still fighting my hack problem on one of my servers. Can a