[nycphp-talk] worm/virus's hammering feedback scripts?

Jeff Siegel jsiegel1 at optonline.net
Mon Sep 12 06:44:48 EDT 2005


An FYI. On all of my website login pages, I have my script email me all of
the global variables (i.e., $GLOBALS) when someone fails to log in. I've
received emails from my error handler similar to those like the "jrubin"
one. The point is that whatever bot is running, it seems to be trying to
inject its dastardly code into any PHP form it finds.

Jeff



-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Rolan Yang
Sent: Sunday, September 11, 2005 10:52 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] worm/virus's hammering feedback scripts?

One more hint to all:

 If you are hosting php scripts for other people, or simply have too 
many to comb through on your own server(s), grep your mail server log 
for "jrubin3546 at aol.com".  If you see any results, cross reference that 
time with your web logs to locate the exploitable script.

~Rolan
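
The cross-referencing step suggested above, as an added example that is not code from either poster. It assumes a syslog-style mail log and an Apache access log written on the same host in the same local time; the log lines, hostnames, paths and the `suspect_requests` helper are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

NEEDLE = "jrubin3546@aol.com"  # address named in the post (the archive shows "@" as " at ")

# Constructed sample data: syslog-style mail log and Apache access log.
MAIL_LOG = """\
Sep 11 22:40:10 web1 sendmail[4101]: j8C2eA01: to=<owner@example.org>, stat=Sent
Sep 11 22:51:03 web1 sendmail[4188]: j8C2p3x2: to=<jrubin3546@aol.com>, stat=Sent
""".splitlines()

WEB_LOG = """\
192.0.2.10 - - [11/Sep/2005:22:40:09 -0400] "POST /contact.php HTTP/1.1" 200 512
198.51.100.7 - - [11/Sep/2005:22:51:02 -0400] "POST /users/bob/feedback.php HTTP/1.0" 200 733
198.51.100.7 - - [11/Sep/2005:22:51:02 -0400] "GET /index.php HTTP/1.0" 200 4096
203.0.113.5 - - [11/Sep/2005:23:30:00 -0400] "POST /users/amy/form.php HTTP/1.1" 200 290
""".splitlines()

# client IP, timestamp without UTC offset, method, request path
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)')

def mail_hits(lines, needle=NEEDLE, year=2005):
    """Timestamps of mail-log lines that mention the needle.
    Syslog lines carry no year, so the caller supplies it."""
    return [datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            for line in lines if needle in line]

def suspect_requests(mail_lines, web_lines, window=5, needle=NEEDLE, year=2005):
    """Requests logged within `window` seconds of a matching mail entry.
    Only POSTs are kept, on the assumption that the form handlers are POSTed to."""
    hits = mail_hits(mail_lines, needle, year)
    found = []
    for line in web_lines:
        m = WEB_RE.match(line)
        if not m or m.group(3) != "POST":
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
        if any(abs(h - ts) <= timedelta(seconds=window) for h in hits):
            found.append((m.group(4), m.group(1), ts.isoformat()))
    return found

if __name__ == "__main__":
    for path, ip, ts in suspect_requests(MAIL_LOG, WEB_LOG):
        print(ts, ip, path)
```

Widen `window` if the mail queue delays delivery; each returned path is a script to review for unvalidated form input reaching mail headers.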