Proable exploited webserver: resources01.phx.ovirt.org
Geoff Maciolek
GMaciolek at pvdchosting.com
Sun Apr 12 21:58:57 UTC 2015
Folks, there's a suspious file I saw when browsing plain.resources01.phx.ovirt.org
Specifically, _h5ai_research.php appears to be a shell - it identifies itself as "c99madshell v.2.0 madnet edition" and prompts for login. It is EXTREMELY unlikely that this is there intentionally.
Distressingly, the file has been there since 2014-09-26.
--Geoff Maciolek
PVDCHosting, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/infra/attachments/20150412/537bc43a/attachment.html>
More information about the Infra
mailing list