[Novalug] php vulnerability is affecting my web pages at remote host

John Atkeson jcatkeson@gmail.com
Wed May 16 07:56:27 EDT 2012


What's weird is that the PHP service shouldn't even be *looking* at
your index.html files.  AFAIK all PHP files must have a .PHP
extension: http://www.w3schools.com/php/php_syntax.asp

I'm a PHP novice but it sounds like the exploit is executing somewhere
else, scanning for html files and modifying them just because they
have a particular extension.  The infection machine itself would not
even have to be of PHP origin.

What happens when you rename an index.html file to index.shtml and
wait for re-infection?



More information about the Novalug mailing list