[Novalug] php vulnerability is affecting my web pages at remote host
John Atkeson
jcatkeson@gmail.com
Wed May 16 07:56:27 EDT 2012
What's weird is that the PHP service shouldn't even be *looking* at
your index.html files. AFAIK all PHP files must have a .PHP
extension: http://www.w3schools.com/php/php_syntax.asp
I'm a PHP novice but it sounds like the exploit is executing somewhere
else, scanning for html files and modifying them just because they
have a particular extension. The infection machine itself would not
even have to be of PHP origin.
What happens when you rename an index.html file to index.shtml and
wait for re-infection?
More information about the Novalug
mailing list