From: Ömer Fadıl USTA (omerusta@gmail.com)
Date: Tue 06 Sep 2005 - 11:35:13 EEST
Simple Php Blog Geliştiricilerinin yaptığı bir duyuru ile tüm
Sphpblog kullanan kişi ve sunucuların mevcut açıktan etkilenebileceğini
açıkladı.
http://www.simplephpblog.com/
Not: Cross Post için özür dilerim.
Açıklamanın bir kısmı aşağıda yer almaktadır :
This site was hacked yesterday, September 3rd, at 4:01am. It appears
that the hackers managed to upload an "image" called "HACK.php.JPG".
This file was actually something called PhpShell 2.0.
After that, they also uploaded cmd.php, c99shell.php, remview.php, and
webadmin.php (in the images folder.)
From that point, they were able to take control of the server delete
all the older messages and such...
If you are running SPHPBlog (!!!any version!!!!) please delete the
upload_img.php, and upload_img_cgi.php files from your install (until we
fix them.) Also, if you were hacked, please be aware that they installed
a "backdoor" in the "script/sb_login.php" file in the check_password
function. The backdoor password is "1nf0"...
So, replace the "sb_login.php" file with one from the sourceforge site.
Ömer F. USTA
_______________________________________________
Linux-yerellestirme mailing list
Linux-yerellestirme@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-yerellestirme