[wp-testers] c99shell.php and uploading php files
Jan Schmidt
info at solarisguru.de
Fri Nov 3 08:20:07 GMT 2006
hello list,
am 03.11.2006, um 13:29:52 +0700 Uhr schrieb Reaper X
short introduction of my person: 34 years old, IT experience since
89, Linux exp. since 1997 and WP experience since yesterday ;-)
> Im interested on hearing how your site got hacked, maybe you could post
> a log files of what the hacker do to your site ? If it's for me i've
> been recently attacked too fortunately the attack was not success.
> Because they (the hackers located from turkey telecom) think i run
> Joomla, Mambo on my site and try to do some remote file inclusion
> attack. Btw did you run other CMS / Forum software on your site ? i mean
> other than wordpress of course. And sorry for my bad english :-)
I had some trouble with WP because I got several "Internal Server
Error: 500". Tonight I was too tired to realize that my mod_security
module from Apache was trying to protect me:
To those of you who have a dedicated machine - install mod_security
and watch the attacks of skript kiddies every night on your console
;-)
Just joking. You could configure mod_sec so that the IP of the
attacking system will be blocked (of course, you could configure this
blocking feature, it's not an automatism).
To those of you who are using a webhosting-bundle: contact your
sysadmin so that they install mod_sec as soon as possible.
Homepage mod_sec: http://www.modsecurity.org/
Another useful protection module is mod_evasive.
Linux-Magazine article:
http://www.linux-magazine.com/issue/62/Charly_Column.pdf
HP: http://www.zdziarski.com/projects/mod_evasive/
Hope I could have helped ;-)
Regards,
Jan
More information about the wp-testers
mailing list