Welcome to WebmasterWorld Guest from 18.104.22.168
Suppose a malicious user wrote the following code
And then, suppose also he typed the following URL with an enter key.
Then you can see the following result:
Then they gain local access with buffer overflow exploits or uploading and compiling bindshell. You can read much more about it here:
I changed MySQL and Telent passwords, is there a way to find out if the trojan like file is still resident on my server?
[edited by: jatar_k at 5:44 pm (utc) on Sep. 24, 2002]
[edit reason] removed specific info [/edit]
[edited by: jatar_k at 4:14 pm (utc) on Sep. 24, 2002]
[edited by: rcjordan at 6:47 pm (utc) on Sep. 24, 2002]
Maybe someone wanders around looking for this particular forum software because they know how to exploit it.
[edited by: jatar_k at 4:45 pm (utc) on Sep. 24, 2002]
[edited by: jatar_k at 7:39 pm (utc) on Sep. 24, 2002]
[edit reason] specifics [/edit]
exactly. A basic working understanding of what is going on with everything running on your server/site is always a good plan. If, for any reason, you see anything strange, fix, change or find out more about it.
Forum software is a tough one because it links into a lot of different parts on the server and usually has of permissions to do many things. It also has thousands of lines of code that not many people can sift through and understand.
You should inform the police about the situation with the log files being deleted, and have the logs subpoenaed if possible. Also inform the hosting company that you need the logs to support a fraud investigation, and advise them strongly not to delete them (copy the investigator on this message).
You should not have to pay for information needed to investigate criminal activity - the police can get it for free (well, they may have to get a search warrant).