We were hit last night. I forgot to remove the ability for the Apache server to be able to write some of the php files on the server. There is a problem in addpost_newpoll.php that allows execution of arbitrary code on the server.
I'm running 6.5.2. I don't believe I've skipped any security upgrades. I've included a couple log traces of the issue.
I restored my original files back. Changed everything to 444 and removed the addpost_newpoll.php and disabled polls on the machine. It's not much of an issue because it is basically an unused feature.
Last edited by Rick Baker; 05/03/2006 5:51 PM.
