------=_Part_6604786_317443247.1428928821836 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Making sure you guys saw this. ----- Forwarded Message -----
From: "Geoff Maciolek" <GMaciolek@pvdchosting.com> To: webmaster@ovirt.org Sent: Sunday, April 12, 2015 5:58:57 PM Subject: Proable exploited webserver: resources01.phx.ovirt.org
Folks, there's a suspious file I saw when browsing plain.resources01.phx.ovirt.org
Specifically, _h5ai_research.php appears to be a shell - it identifies itself as "c99madshell v.2.0 madnet edition" and prompts for login. It is EXTREMELY unlikely that this is there intentionally.
Distressingly, the file has been there since 2014-09-26.
--Geoff Maciolek PVDCHosting, LLC
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
------=_Part_6604786_317443247.1428928821836 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit <html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Making sure you guys saw this.</div><div><br></div><hr id="zwchr"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Geoff Maciolek" <GMaciolek@pvdchosting.com><br><b>To: </b>webmaster@ovirt.org<br><b>Sent: </b>Sunday, April 12, 2015 5:58:57 PM<br><b>Subject: </b>Proable exploited webserver: resources01.phx.ovirt.org<br><div><br></div> <style id="owaParaStyle">P {margin-top:0;margin-bottom:0;}</style> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Folks, there's a suspious file I saw when browsing plain.resources01.phx.ovirt.org<br> <br> Specifically, _h5ai_research.php appears to be a shell - it identifies itself as "c99madshell v.2.0 madnet edition" and prompts for login. It is EXTREMELY unlikely that this is there intentionally.<br> <br> Distressingly, the file has been there since 2014-09-26.<br> <div><br> <div style="font-family:Tahoma; font-size:13px">--Geoff Maciolek<br> PVDCHosting, LLC<br> </div> </div> </div> <br>_______________________________________________<br>Infra mailing list<br>Infra@ovirt.org<br>http://lists.ovirt.org/mailman/listinfo/infra<br></blockquote><div><br></div></div></body></html> ------=_Part_6604786_317443247.1428928821836--