Re: Re: [PHP] Possible My Website was hacked... with PHP... please tell me what this is???

Hi guys

what does trolling mean? Never heard of it before.

Angelo

-----Original Message-----
From: Joel Rees <joel@alpsgiken.gr.jp>
To: "Joe Harman" <joe@harmanmedia.com>, <php-general@lists.php.net>
Date: Thu, 31 Jul 2003 16:10:24 +0900
Subject: Re: [php] Possible My Website was hacked... with PHP... please tell me what this is???

Assuming you are not just trolling,

> Fortunatly I don't think they were doing something correctly, cause it
> didn't deface my site like some of the others....

Don't count on it. They only deface servers they don't want to use.

> ...
> everyone can execute shell commands via system(); on your server.
> -> delete the script ;)

Oh, by all means, delete it if you want. But it's not the hole it came
in through, and it's not the real backdoor.

It's so blatent, I'd guess it's a script kiddy or a decoy. Even if it's
a script kiddy, you _want_ to know how it got on the box.

I'd take the box offline, back up all the data and configuration files,
and re-install the whole system and all programs from scratch. Go over
every configuration file with a fine-tooth comb.

If the machine is on a subnet and I controlled the subnet, I think I'd
take the whole subnet down, including the firewall, and clean every
machine up, not putting any machine back on the subnet until it was
clean and any holes patched. If I didn't control the subnet, I'd make
sure the persons who did know there had been a break-in.

And if you have any valuable data, consider it to have been stolen. If
you have credit card numbers, report the possibility of theft to the
credit card companies. Etc.

If you're trolling, go away.

--
Joel Rees, programmer, Systems Group
Altech Corporation (Alpsgiken), Osaka, Japan
http://www.alpsgiken.co.jp


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

trolling!
ha

binc2 wrote:

>Hi guys
>
>what does trolling mean? Never heard of it before.
>
>Angelo
>
>-----Original Message-----
>From: Joel Rees <joel@alpsgiken.gr.jp>
>To: "Joe Harman" <joe@harmanmedia.com>, <php-general@lists.php.net>
>Date: Thu, 31 Jul 2003 16:10:24 +0900
>Subject: Re: [php] Possible My Website was hacked... with PHP... please tell me what this is???
>
>Assuming you are not just trolling,
>
>
>
>>Fortunatly I don't think they were doing something correctly, cause it
>>didn't deface my site like some of the others....
>>
>>
>
>Don't count on it. They only deface servers they don't want to use.
>
>
>
>>...
>>everyone can execute shell commands via system(); on your server.
>>-> delete the script ;)
>>
>>
>
>Oh, by all means, delete it if you want. But it's not the hole it came
>in through, and it's not the real backdoor.
>
>It's so blatent, I'd guess it's a script kiddy or a decoy. Even if it's
>a script kiddy, you _want_ to know how it got on the box.
>
>I'd take the box offline, back up all the data and configuration files,
>and re-install the whole system and all programs from scratch. Go over
>every configuration file with a fine-tooth comb.
>
>If the machine is on a subnet and I controlled the subnet, I think I'd
>take the whole subnet down, including the firewall, and clean every
>machine up, not putting any machine back on the subnet until it was
>clean and any holes patched. If I didn't control the subnet, I'd make
>sure the persons who did know there had been a break-in.
>
>And if you have any valuable data, consider it to have been stolen. If
>you have credit card numbers, report the possibility of theft to the
>credit card companies. Etc.
>
>If you're trolling, go away.
>
>
>

I have seen this exact same header before in this list, so I am going to
assume this is a troll

Chris
----- Original Message -----
From: "binc2" <binc2@ctech.ac.za>
To: <joel@alpsgiken.gr.jp>; <php-general@lists.php.net>
Sent: Thursday, July 31, 2003 8:26 AM
Subject: Re: Re: [php] Possible My Website was hacked... with PHP... please
tell me what this is???


Hi guys

what does trolling mean? Never heard of it before.

Angelo

-----Original Message-----
From: Joel Rees <joel@alpsgiken.gr.jp>
To: "Joe Harman" <joe@harmanmedia.com>, <php-general@lists.php.net>
Date: Thu, 31 Jul 2003 16:10:24 +0900
Subject: Re: [php] Possible My Website was hacked... with PHP... please tell
me what this is???

Assuming you are not just trolling,

> Fortunatly I don't think they were doing something correctly, cause it
> didn't deface my site like some of the others....

Don't count on it. They only deface servers they don't want to use.

> ...
> everyone can execute shell commands via system(); on your server.
> -> delete the script ;)

Oh, by all means, delete it if you want. But it's not the hole it came
in through, and it's not the real backdoor.

It's so blatent, I'd guess it's a script kiddy or a decoy. Even if it's
a script kiddy, you _want_ to know how it got on the box.

I'd take the box offline, back up all the data and configuration files,
and re-install the whole system and all programs from scratch. Go over
every configuration file with a fine-tooth comb.

If the machine is on a subnet and I controlled the subnet, I think I'd
take the whole subnet down, including the firewall, and clean every
machine up, not putting any machine back on the subnet until it was
clean and any holes patched. If I didn't control the subnet, I'd make
sure the persons who did know there had been a break-in.

And if you have any valuable data, consider it to have been stolen. If
you have credit card numbers, report the possibility of theft to the
credit card companies. Etc.

If you're trolling, go away.

--
Joel Rees, programmer, Systems Group
Altech Corporation (Alpsgiken), Osaka, Japan
http://www.alpsgiken.co.jp


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php