Old March 8th, 2006, 5:18 PM   #5 (permalink)
Kayla
Searcher
Surpass Staff
 
SH72 had an account hit that had a PHP Fan Base installed. We had to disable the directory and inform the client. The exploit was using about 47% server memory alone. This is why the server had problems today, due to this. We again urge you, if you have PHP Fan Base installed or any programs listed below, please check them and make the very needful changes.

If you use any of the following scripts:

FA-PHPHosting
PHPClique
PHPCalendar
PHPCurrently
PHPFanBase
PHPQuotes

Please disable them immediately or use the fix specified below. There are serious exploits going around the net right now and have been for the past few months. All of these scripts are made by http://codegrrl.com/ and have a ridiculously easy hole in them:
"
include($logout_page);
"
This allows an attacker to include whatever code they wish into the php file and run the commands.
To avoid getting your site defaced, we recommend you either remove the protection.php file asap, or edit it and remove that line above.
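An added example, not part of the post above and not CodeGrrl's code: the `include($logout_page);` pattern next to a hardened form in which the script, not the caller, decides which files can be included. The allowlist entries, the function name `resolve_page`, the temporary directory and the sample inputs are all hypothetical or constructed.

```php
<?php
// Pattern quoted in the post: the included path is whatever the variable holds.
//   include($logout_page);

// Hardened form. Fixed allowlist: key a caller may name => file the script chose.
// (Hypothetical entries; use the pages your own install actually needs.)
const ALLOWED_PAGES = [
    'logout' => 'logout.php',
    'login'  => 'login.php',
];

// Returns the absolute path that is safe to include, or null to refuse.
function resolve_page(string $key, string $pageDir): ?string
{
    if (!array_key_exists($key, ALLOWED_PAGES)) {
        return null;                       // URLs, "../" paths, unknown names
    }
    $base = realpath($pageDir);
    $path = realpath($pageDir . '/' . ALLOWED_PAGES[$key]);
    if ($base === false || $path === false) {
        return null;                       // directory or file does not exist
    }
    // realpath() resolves symlinks and "..", so this prefix check confirms
    // the file really sits inside the page directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Demo against a throwaway directory holding one constructed page.
$dir = sys_get_temp_dir() . '/pages_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/logout.php', "<?php echo 'logged out';\n");

// Constructed inputs: one valid key, one allowlisted key whose file is
// missing, and two values that are not keys at all.
$samples = ['logout', 'login', 'http://example.invalid/x.txt', '../../etc/passwd'];
foreach ($samples as $candidate) {
    $path = resolve_page($candidate, $dir);
    $verdict = $path === null ? 'refused' : 'include ' . basename($path);
    echo str_pad($candidate, 30), ' => ', $verdict, PHP_EOL;
}

unlink($dir . '/logout.php');
rmdir($dir);
```

Only `logout` resolves to a file; the other three inputs are refused before any `include` could run. Setting `allow_url_include = Off` in php.ini is a separate server-side backstop against URL-based includes.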