php - a defacement file information request

Published: 2005-11-13
Last Updated: 2005-11-13 02:03:40 UTC
by Patrick Nolan (Version: 4)
0 comment(s)
A while back casus15.php was being found on a number of servers. According to one source at the time "Its a script that was created to excute system commands on your server using the system() function.". If you're running into casus15.php please drop us a note on your determination of how it was installed at your network.

casus15.php has shown up a few times at Zone-H DIGITAL ATTACKS ARCHIVE.

Googlebot's capture of one system, that caught a SSH connection, scroll to the bottom and catch;
_ENV["SSH_CONNECTION"] 200.74.99.107 4172 217.160.240.17 22

Thanks!
Keywords:
0 comment(s)

Comments


Diary Archives