nanog mailing list archives
Re:Destructive botnet originating from Japan
From: chuck goolsbee <chucklist () forest net>
Date: Sun, 25 Dec 2005 09:19:04 -0800
Well it appears that bad code always seems to be the root of problems, according to our research today the problem appears to be caused by incorrectly written PHP applications that perform includes using a string without running any validation against the string:
The truly frightening thing about an exploit using PHP is that the "bad code" can be as much user-generated as it is developer-generated. In other words, the clueless webmaster who copy/pastes code can unwittingly lead to the compromise of a server that s/he has even very limited user-level access on.
That and the vast variation of PHP versions we see still in use on various colo servers.
Another year, yet another variation of whack-a-mole. --chuck goolsbee
Current thread:
- Destructive botnet originating from Japan Barrett G. Lyon (Dec 23)
- <Possible follow-ups>
- Re:Destructive botnet originating from Japan Barrett G. Lyon (Dec 23)
- Re:Destructive botnet originating from Japan chuck goolsbee (Dec 25)
- RE: Re:Destructive botnet originating from Japan Hannigan, Martin (Dec 23)
- Re:Destructive botnet originating from Japan Barrett G. Lyon (Dec 24)
- Re:Destructive botnet originating from Japan Rob Thomas (Dec 24)
- Re:Destructive botnet originating from Japan Gadi Evron (Dec 25)
- Re: Destructive botnet originating from Japan Richard A Steenbergen (Dec 25)
- Re: Destructive botnet originating from Japan Gadi Evron (Dec 25)
- Re:Destructive botnet originating from Japan Rob Thomas (Dec 24)
- Re: Destructive botnet originating from Japan Randy Bush (Dec 25)
- Re: Destructive botnet originating from Japan Rubens Kuhl Jr. (Dec 25)
- Re: Destructive botnet originating from Japan Jon Lewis (Dec 25)