@ 2:14:00 AM on 11/9/01, Brian Clark wrote: >> I'm running a PHP/mySQL site which has been hacked twice this week >> :-(((
>> I'm not so bad at security but I don't know any active resource to >> be aware of hole in PHP and/or MySQL, which forum/newsgroup/list >> wouldbe advice? > Would you happen to be running PHP-Nuke? Gotta go - Nevertheless, these are must reads: <http://www.cgisecurity.com/papers/fingerprint-port80.txt> <http://www.securereality.com.au/studyinscarlet.txt> <http://www.php.net/manual/en/security.php> You also might want to subscribe to Bugtraq: <http://www.securityfocus.com/cgi-bin/subscribe.pl> There was a PHP-Nuke advisory dated Nov 8 on Bugtraq: "Copying and Deleting Files Using PHP-Nuke" And if you do run PHP-Nuke: <http://www.phpnuke.org/forums/viewforum.php?forum=5&39> <http://www.phpnuke.org/forums/index.php> (Not sure what happened to that site, but they used to have `Topics' with security announcements. Looks like a ghost town..) -- -Brian Clark | PGP is spoken here: 0xE4D0C7C8 Please, DO NOT carbon copy me on list replies. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
