20 Mar
2004
20 Mar
'04
22:42
On Sat, 20 Mar 2004, Jeroen Taalman wrote:
To: suse-security@suse.com From: Jeroen Taalman
Subject: [suse-security] server hacked, but how? Hi There,
At the time of the hack we were using:
Apache 1.3.28 and 1.3.29 PHP 4.3.2 Cvsd 0.9.20 Openssl 0.9.6i Suse auto_update Webmin 1.131
Did you change the default settings of php.ini before going online? These are insecure by default. Try taking a look at chapter 20 of the php4 manual, about remote file access. This may help you. Kind Regards - Keith Roberts