Re: Proable exploited webserver: resources01.phx.ovirt.org

From: "Greg Sheremeta" <gshereme(a)redhat.com&gt; To: "infra" <infra(a)ovirt.org&gt;, "Eyal Edri" <eedri(a)redhat.com&gt;, "David Caro Estevez" <dcaroest(a)redhat.com&gt; Sent: Monday, April 13, 2015 3:40:21 PM Subject: Fwd: Proable exploited webserver: resources01.phx.ovirt.org Making sure you guys saw this. ----- Forwarded Message ----- > From: "Geoff Maciolek" <GMaciolek(a)pvdchosting.com&gt; > To: webmaster(a)ovirt.org > Sent: Sunday, April 12, 2015 5:58:57 PM > Subject: Proable exploited webserver: resources01.phx.ovirt.org > Folks, there's a suspious file I saw when browsing > plain.resources01.phx.ovirt.org > Specifically, _h5ai_research.php appears to be a shell - it identifies > itself > as "c99madshell v.2.0 madnet edition" and prompts for login. It is > EXTREMELY > unlikely that this is there intentionally. > Distressingly, the file has been there since 2014-09-26. > --Geoff Maciolek > PVDCHosting, LLC > _______________________________________________ > Infra mailing list > Infra(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/infra