Archive for August, 2011

Found a PHP IRC Bot in the Wild

Strange Requests

I was grepping through my access logs the other day and noticed several requests like the following


Strange Text File

I decided to take a look at what j1.txt was and discovered that it was a (nicely commented) PHP script that would join an IRC channel and accept commands. The script looks like it was originally coded in English and was later modified by some Indonesians.

I’m not sure exactly what vulnerability is being exploited here but it’s likely a local file inclusion type vulnerability where j1.txt (the PHP code) would end up on the server and could be executed by visiting a certain URL or embedded in the current page at the current URL.


Apache Killer vs

For those of you that haven’t heard (you must live under a rock), there is currently an unpatched DoS attack against all Apache Web servers that can easily be executed from a single computer. A Perl script was posted to the Full Disclosure mailing list last weekend.

I run Apache 2.2 on so I thought it’d be an interesting experiment to see what happens. So, here we go: Apache Killer vs. TheXploit (more…)

Configure a Working SSL Subdomain on WordPress While Still Using CloudFlare

CloudFlare and Securing WordPress Admin


Go to Top