Hostees!
Hostees of mine on magatsu.net -- my webspace was hit with an exploit that I'm cleaning out now. I think it was just my accounts and not any of you (as I cannot access your accounts) but please do (a) change your passwords and (b) check your webspace using FileZilla or another FTP program for a PHP script that shouldn't be there. (details under cut)
Details:
The exploit seems to be consistently 28,278 bytes in size, a PHP file named with either two people's names connected by an underscore or an English word connected to a person's name with an underscore. I've found it in root files, and in an images folder in a wiki site and in an uploads folder in a WordPress site, and in a trunk folder and images folder for survey software I was testing.
If you know how to grep, you can grep for _8b7b as it appears to consistently use that as a variable.
No clue what it's for as it's encrypted. Change your WebID password and your FTP user password to be on the safe side.
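For anyone with shell access to their webspace, the checks described above (file size, the `_8b7b` string, the file name shape and the folders it turned up in) can be combined into one scan. This is an added example, not a script from the original post; the function name `scan_webspace` and the name-matching pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the indicators below are the ones given in the post.
SIZE=28278      # exact size in bytes reported for the dropped file
MARKER='_8b7b'  # string the post says appears as a variable name

# scan_webspace DIR
# Prints "indicators<TAB>path" for each .php file that matches the size or
# the marker. Name shape and upload/image location are added as context only,
# since on their own they match plenty of legitimate files.
scan_webspace() {
    root=${1:-.}
    find "$root" -type f -name '*.php' | while IFS= read -r f; do
        hits=""
        bytes=$(wc -c < "$f" | tr -d ' ')
        if [ "$bytes" -eq "$SIZE" ]; then hits="size"; fi
        if grep -q -e "$MARKER" "$f"; then hits="${hits:+$hits,}marker"; fi
        # Skip files with neither strong indicator.
        if [ -z "$hits" ]; then continue; fi
        # Context: name looks like word_word.php (assumed pattern).
        if basename "$f" | grep -Eq '^[A-Za-z]+_[A-Za-z]+\.php$'; then
            hits="$hits,name"
        fi
        # Context: PHP sitting in a folder meant for images or uploads.
        case "$f" in
            */images/*|*/uploads/*) hits="$hits,dir" ;;
        esac
        printf '%s\t%s\n' "$hits" "$f"
    done
    return 0
}

# Usage: sh scan.sh /path/to/webspace
if [ "$#" -gt 0 ]; then scan_webspace "$1"; fi
```

A file flagged only as `marker` or only as `size` is still worth opening and comparing against a clean copy of the software it sits in before deleting it.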