Re: [bitfolk] IMPORTANT: You need to renumber the IP address…

Author: David Bezuidenhout
To: users
Subject: Re: [bitfolk] IMPORTANT: You need to renumber the IP address(es) of your BitFolk VPS
Adam Spiers asked:

> I see a couple of scans in my logs from a few days ago. Am I right in
> thinking the only Debian fix available is in sid?


An update for PHP in Squeeze became available in the last hour, I
presume it covers this. There are also a few more packages being
updated.

Ian


Date: Wed, 9 May 2012 19:42:44 +0100
From: john lewis <zen57162@???>
Subject: Re: [bitfolk] PHP-CGI exploit probes seen - please make sure your
 VPS is secured against this


On Wed, 9 May 2012 18:18:00 +0100
Ian <ian@???> wrote:

> An update for PHP in Squeeze became available in the last hour, I
> presume it covers this. There are also a few more packages being
> updated.


Thanks for mentioning that, just done another update (did one
yesterday) and found 9 packages available to be upgraded, including
several php5 ones.

Haven't had so many updates in squeeze for months (at least it feels
like that) ;-)

--
John Lewis
Debian & the GeneWeb genealogical data server


Date: Wed, 09 May 2012 19:48:59 +0100
From: Mike Zanker <mike@???>