[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnubg] What's up with www.gnubg.org
From: |
Michael Petch |
Subject: |
Re: [Bug-gnubg] What's up with www.gnubg.org |
Date: |
Wed, 30 Jan 2013 09:08:30 -0700 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0 |
On 2013-01-30 08:41, Øystein Schønning-Johansen wrote:
> Something like that. I've cleaned out the shit, and I think it works
> agian, but I guess the PHP injection hole is still there. I can check
> the access logs and the other logs I got. The attack was performed
> yesterday.
> Thnaks to Louis for reorting this in the first place.
>
I noticed that the board images that are on the right hand side of the
www.gnubg.org main page don't appear properly. I also observed for the
last few minutes that if you paste this command into the browser you get
redirected to that fantasy site:
http://www.gnubg.org/phpThumb/phpThumb.php?src=/shots/gnubg_win.png&w=140
While I was writing this email it seems to have been corrected, but it
has me wondering if phpthumb was the point of attack, as mentioned here:
http://forums.modx.com/index.php/topic,55314.0.html
--
Michael Petch
CApp::Sysware Consulting Ltd.
OpenPGP FingerPrint=D81C 6A0D 987E 7DA5 3219 6715 466A 2ACE 5CAE 3304
- [Bug-gnubg] What's up with www.gnubg.org, Louis Zulli, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Øystein Schønning-Johansen, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Øystein Schønning-Johansen, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Michael Petch, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Michael Petch, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Øystein Schønning-Johansen, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Louis Zulli, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org,
Michael Petch <=
- Re: [Bug-gnubg] What's up with www.gnubg.org, Øystein Schønning-Johansen, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Mary Hickey, 2013/01/30
- Re: [Bug-gnubg] What's up with www.gnubg.org, Russ Allbery, 2013/01/30