<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Making sure you guys saw this.</div><div><br></div><hr id="zwchr"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Geoff Maciolek" &lt;GMaciolek@pvdchosting.com&gt;<br><b>To: </b>webmaster@ovirt.org<br><b>Sent: </b>Sunday, April 12, 2015 5:58:57 PM<br><b>Subject: </b>Proable exploited webserver: &nbsp;resources01.phx.ovirt.org<br><div><br></div>


<style id="owaParaStyle">P {margin-top:0;margin-bottom:0;}</style>


<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Folks, there's a suspious file I saw when browsing plain.resources01.phx.ovirt.org<br>
<br>
Specifically, _h5ai_research.php appears to be a shell - it identifies itself as "c99madshell v.2.0 madnet edition" and prompts for login.&nbsp; It is EXTREMELY unlikely that this is there intentionally.<br>
<br>
Distressingly, the file has been there since 2014-09-26.<br>
<div><br>
<div style="font-family:Tahoma; font-size:13px">--Geoff Maciolek<br>
PVDCHosting, LLC<br>
</div>
</div>
</div>


<br>_______________________________________________<br>Infra mailing list<br>Infra@ovirt.org<br>http://lists.ovirt.org/mailman/listinfo/infra<br></blockquote><div><br></div></div></body></html>