[plug] PHP vulnerability

[Timothy White]

Kai wrote:

> Hi crew,
>
> Just had a look at my apache logs and saw this. I remember hearing
> about php vulnerability or something similar ?
>
> xaround.propagation.net - - [22/Feb/2005:17:19:18 +0800] "GET /forum/
> HTTP/1.1" 404 328
> xaround.propagation.net - - [22/Feb/2005:17:19:19 +0800] "GET /phpBB/
> HTTP/1.1" 404 328
> xaround.propagation.net - - [22/Feb/2005:17:19:20 +0800] "GET /
> HTTP/1.1" 200 3111
> xaround.propagation.net - - [22/Feb/2005:17:19:21 +0800] "GET /forums/
> HTTP/1.1" 404 329
> xaround.propagation.net - - [22/Feb/2005:17:19:22 +0800] "GET /phpbb/
> HTTP/1.1" 404 328
> xaround.propagation.net - - [22/Feb/2005:17:19:23 +0800] "GET /board/
> HTTP/1.1" 404 328
> xaround.propagation.net - - [22/Feb/2005:17:19:24 +0800] "GET /boards/
> HTTP/1.1" 404 329
> xaround.propagation.net - - [22/Feb/2005:17:19:25 +0800] "GET /phpBB2/
> HTTP/1.1" 404 329
> xaround.propagation.net - - [22/Feb/2005:17:19:26 +0800] "GET
> /msgboard/ HTTP/1.1" 404 331
> xaround.propagation.net - - [22/Feb/2005:17:19:27 +0800] "GET /foros/
> HTTP/1.1" 404 328
> xaround.propagation.net - - [22/Feb/2005:17:19:28 +0800] "GET /portal/
> HTTP/1.1" 404 329

Wouldn't surprise me if that was a script kiddy fingerprinting your box.
Nicely ordered with 1 second between requests. Unless your running one
of the effected applications you should be fine. From memory it was
phpBB (1 or 2?) and Awstats or something like that.

Tim

--
Tim White - Use the Fox, Luke!
PGP/GPG id: 602E944D, Pub Key Serv: subkeys.pgp.net
Fingerprint: 04C2 9682 B7B2 3006 009D  A9F3 067E EDCD 602E 944D
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20050222/2e371c02/attachment.pgp>