[nsp-sec] Ddos controller - caatadgouk.com
Ross, Jason
Jason.Ross at GlobalCrossing.com
Fri Jun 27 13:55:37 EDT 2008
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of John Fraizer
> Sent: Friday, June 27, 2008 1:44 PM
> To: Rob Thomas
> Cc: nsp-security NSP
> Subject: Re: [nsp-sec] Ddos controller - caatadgouk.com
>
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rob Thomas wrote:
>> ----------- nsp-security Confidential --------
>
>> -------------------------------------------------
>> 2008-01-21 21:45:13 | 85.255.121.195 | 27595 | malwareurl |
>> http://xdrkzahpvq.cn/progs/arzoegr/sjujmaik.php
>>
>> This one appears to be Debian Linux with Apache 2.2.6 and PHP
>> 5.2.4-2 with "Suhosin-Patch." I'm too lazy to Google that
>> patch, so I've no clue what that is.
>>
>
<snip>
> Unlike the PHP Hardening-Patch Suhosin is binary compatible to
> normal PHP installation, which means it is compatible to 3rd party
> binary extension like ZendOptimizer.
May also be worth noting is that it is installed by default on
Debian/Ubuntu when you install Apache2/PHP5 using the package
repositories.
--
Jason
More information about the nsp-security
mailing list