Home

LAMP Security Plesk

Quick patch for Pre-8.x Plesk Horde vulnerability

Submitted by robot_terror on Tue, 11/27/2007 - 07:19.

Running a pre-8.x version of Plesk? You are probably already hacked.

To find out, run this grep as root: 

 # grep passthru /var/log/httpd/access_log*

See something like this? 

 [root@this_could_be_you root]# grep passthru /var/log/httpd/access_log*
 /var/log/httpd/access_log.1:68.178.241.194 - - [19/Nov/2007:10:48:30 -0600] "POST 
 /horde/services//help/?show=about&module=;%22.passthru(%22%22.chr(47).%22bin%22.[...exploit code redacted...]

Yeah. You're hacked. Go ahead and clear out /tmp and /dev/shm.

»
Syndicate content