Re: PHP Security

[Eric Marden <security () xentek net>]

Are you saying that check.js was used in the attack? Does this file  
call any remote files?


Eric Marden
xentek: enlightened internet solutions
http://xentek.net/

On Mar 17, 2008, at 7:58 PM, Greg Song wrote:
> Hi all
> Thesedays I'm analyzing the solarys system that using apache web
> server and php. Of cause it hacked.
> I could not find reason of some situation that the specified directory
> are created over and over(it includes check.js)
> Weblog record as below
> > > xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js
> Some pages can upload the file but it didn't work when I uploaded  
> some php file.
> I'm wondering how it makes some directories.
> Any suggestin,ideas.
> Thanks all
>
> ---------------------------------------------------------------------- 
> ---
> Sponsored by: Watchfire
> Methodologies & Tools for Web Application Security Assessment
> With the rapid rise in the number and types of security threats,  
> web application security assessments should be considered a crucial  
> phase in the development of any web application. What methodology  
> should be followed? What tools can accelerate the assessment  
> process? Download this Whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx? 
> id=70170000000940F
> ---------------------------------------------------------------------- 
> ---


-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------