This is Lamar Spells's Typepad Profile.
Lamar Spells
Recent Activity
I have seen the same LFI and code injection attacks discussed here, and today yet more PHP attacks. This time, an attempt to exploit phpthumb via CVE-2010-1598. Full details along with IPs seen are at: http://foxtrot7security.blogspot.com/2011/12/new-attempts-to-exploit-old-phpthumb.html Anyone else see a big uptick in this activity today?
Ryan, you are correct. This issue is apparently related to the awstats issue we discussed last week, along with some additional information regarding code injection against phpAlbum: http://foxtrot7security.blogspot.com/2011/12/attacks-against-awstats-also-includes.html
@Ryan -- agree completely. There are also some older PHP versions running around out there and at least one of the IPs was/is running Joomla. Lots of other ways to attack other than Apache, but Apache seems to be a pretty common link. Of course, that's to be expected...
Some additional analysis and advice: Patch your ancient versions of Apache too! http://foxtrot7security.blogspot.com/2011/12/importance-of-patching.html
Dec 16, 2011