Proable exploited webserver: resources01.phx.ovirt.org

Geoff Maciolek GMaciolek at pvdchosting.com
Sun Apr 12 21:58:57 UTC 2015


Folks, there's a suspious file I saw when browsing plain.resources01.phx.ovirt.org

Specifically, _h5ai_research.php appears to be a shell - it identifies itself as "c99madshell v.2.0 madnet edition" and prompts for login.  It is EXTREMELY unlikely that this is there intentionally.

Distressingly, the file has been there since 2014-09-26.

--Geoff Maciolek
PVDCHosting, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/infra/attachments/20150412/537bc43a/attachment.html>


More information about the Infra mailing list