On moandei 29 Juny 2009, Michal Čihař wrote: > No, in the log, he is using exploited config file (with some custom > code inside).
Ah right. I don't think there's a way we can realistically do anything about an already-compromised installation. That is a general truth for any vulnerability: how can we know to what extent the attacker has influenced the system? We could release a fix of config.inc.php which rejects requests specific to the worm that was released. But this is an incomplete fix necessarily. Wouldn't that bring a false sense of security? Thijs -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
