 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 286 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Be Advised!: New Santy Strain Attacks All PHP Web Scripts! |
|
 Zhen-Xjell writes "Folks, it seems that Santy worm has taken on a new strain. It also searches Yahoo now in addition to Google, but it looks for any PHP scripts with all possible arguments passed thru in the HTTP GET. This worm tries all arguments in your PHP script to throw in a shell commands that access a particular website, download some text files into /tmp, and then execute them using Perl...
SOURCE: http://castlecops.com/article-5640-nested-0-0.html (Full Story)
|
|
Posted on Saturday, December 25 @ 18:45:40 CET by VinDSL |
|
|
|
|
| |
|
Average Score: 5
Votes: 1
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Be Advised!: New Santy Strain Attacks All PHP Web Scripts! (Score: 1)
by Zhen-Xjell on Sunday, December 26 @ 02:03:52 CET
(User Info | Send a Message) http://castlecops.com | Hey nice to see it up here, thanks Vin. Please note, I've noticed folks filtering incorrectly on "echr", etc. Reasoning why this is invalid is in the link you give above, in the comment section. I added on more details there.
Please folks, do not filter on "echr", or the like. That is invalid logic. |
| | | | |
Re: Be Advised!: New Santy Strain Attacks All PHP Web Scripts! (Score: 1)
by spcdata on Sunday, December 26 @ 02:32:35 CET
(User Info | Send a Message) http://www.nextnet.se | | Hi!
a little question, if perl is not used there is no worry? |
Re: Be Advised!: New Santy Strain Attacks All PHP Web Scripts! (Score: 1)
by Zhen-Xjell on Sunday, December 26 @ 09:15:03 CET
(User Info | Send a Message) http://castlecops.com | | That isn't the point, if someone can shell into your system remotely, then there is a problem. You need to ensure that cannot be done. |
]
Re: Be Advised!: New Santy Strain Attacks All PHP Web Scripts! (Score: 1)
by spcdata on Sunday, December 26 @ 09:37:26 CET
(User Info | Send a Message) http://www.nextnet.se | | Thanks for the answer, i hope that i haven't missed anything only time can tell....but so far no strange activity at my site. |
]
Re: Be Advised!: New Santy Strain Attacks All PHP Web Scripts! (Score: 1)
by Zhen-Xjell on Sunday, December 26 @ 09:59:51 CET
(User Info | Send a Message) http://castlecops.com | | I've got stats I might be posting later as to what filters work best. So far today (10 hours of it), I've logged about 80,000 attacks. My match filters show what is working. |
]
Re: Be Advised!: New Santy Strain Attacks All PHP Web Scripts! (Score: 1)
by spcdata on Sunday, December 26 @ 12:05:15 CET
(User Info | Send a Message) http://www.nextnet.se | | It would be great and very appreciated if you will do that !! |
]
| | | | | |
|
