Re: PHP Attacks....

["Michael Mansour" <mic npgx com au>]

> On Wed, Nov 09, 2005 at 05:04:27PM -0500, James Kosin wrote:
> > They also address CVE-2005-3353, CVE-2005-3388, CVE-2005-3389 and
> > CVE-2005-3390...
> > do we need to concern ourselves with these?
> 
> Do you plan to wait until attacks will show up?
> 
>   Michal

Everyday in my logs now I see alot of failed attempts trying to acces various
php programs I don't have installed, using extended program paths etc. Things
like phpBB, Gallery, etc.

The problem is not that we have to wait for something to happen, the problem
is that probes are currently happening, as Sysadmins, it's our job to make
sure our systems are protected from any exploits, especially when we're aware
of them.

Michael.