yes. and we're currently investigating how to mitigate and ensure not more issues are found. thanks, Eyal. ----- Original Message -----
From: "Greg Sheremeta" <gshereme@redhat.com> To: "infra" <infra@ovirt.org>, "Eyal Edri" <eedri@redhat.com>, "David Caro Estevez" <dcaroest@redhat.com> Sent: Monday, April 13, 2015 3:40:21 PM Subject: Fwd: Proable exploited webserver: resources01.phx.ovirt.org
Making sure you guys saw this.
----- Forwarded Message -----
From: "Geoff Maciolek" <GMaciolek@pvdchosting.com> To: webmaster@ovirt.org Sent: Sunday, April 12, 2015 5:58:57 PM Subject: Proable exploited webserver: resources01.phx.ovirt.org
Folks, there's a suspious file I saw when browsing plain.resources01.phx.ovirt.org
Specifically, _h5ai_research.php appears to be a shell - it identifies itself as "c99madshell v.2.0 madnet edition" and prompts for login. It is EXTREMELY unlikely that this is there intentionally.
Distressingly, the file has been there since 2014-09-26.
--Geoff Maciolek PVDCHosting, LLC
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra