Proable exploited webserver: resources01.phx.ovirt.org
Eyal Edri
eedri at redhat.com
Mon Apr 13 12:54:16 UTC 2015
yes.
and we're currently investigating how to mitigate and ensure
not more issues are found.
thanks,
Eyal.
----- Original Message -----
> From: "Greg Sheremeta" <gshereme at redhat.com>
> To: "infra" <infra at ovirt.org>, "Eyal Edri" <eedri at redhat.com>, "David Caro Estevez" <dcaroest at redhat.com>
> Sent: Monday, April 13, 2015 3:40:21 PM
> Subject: Fwd: Proable exploited webserver: resources01.phx.ovirt.org
>
> Making sure you guys saw this.
>
> ----- Forwarded Message -----
>
> > From: "Geoff Maciolek" <GMaciolek at pvdchosting.com>
> > To: webmaster at ovirt.org
> > Sent: Sunday, April 12, 2015 5:58:57 PM
> > Subject: Proable exploited webserver: resources01.phx.ovirt.org
>
> > Folks, there's a suspious file I saw when browsing
> > plain.resources01.phx.ovirt.org
>
> > Specifically, _h5ai_research.php appears to be a shell - it identifies
> > itself
> > as "c99madshell v.2.0 madnet edition" and prompts for login. It is
> > EXTREMELY
> > unlikely that this is there intentionally.
>
> > Distressingly, the file has been there since 2014-09-26.
>
> > --Geoff Maciolek
> > PVDCHosting, LLC
>
> > _______________________________________________
> > Infra mailing list
> > Infra at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/infra
>
More information about the Infra
mailing list