I'm reading your posts; thanks for that. I have not had time to
investigate anything yet, though. Still, I suspect this may have more
to do with being on shared hosting and/or having other software
installed than being a Habai issue. Even known vulnerabilities in old
versions of Habari wouldn't have allowed this without you noticing it
happening via different symptoms. I suppose it's possible that Habari
allowed this, but to me it seems more likely that Habari was infected
by some other running script, maybe not installed by you or even in
another shared hosting user's account, by virtue of it having files
with PHP extensions.
I'll see if I can turn up anything else useful from what you've
On Oct 10, 2011, at 4:55 AM, David <david.bl...@gmail.com> wrote:
> Just guessing here, but maybe my vulnerability was that I was
> deploying straight from my svn sandbox. (So an old 0.5 or 0.6
> vulnerability would still be accessible if an attacker knew where to
> drill down?)
> Here's hoping that rm -rf `find . -type d -name .svn` helped.
> Sorry to be talking to myself here - but it may help someone in the
> On Oct 9, 10:02 pm, David <david.bl...@gmail.com> wrote:
>> // We start up output buffering in order to take advantage of output
>> I've got no idea how this happened. Nobody else has my password, and
>> On Oct 9, 4:24 pm, David <david.bl...@gmail.com> wrote:
>>> This may not have anything to do with any weakness in Habari. But it
>>> My webserver is on an shared server at Dreamhost. I'm running Habari
>>> I have the domainhttp://david.dlma.comredirecttohttp://david.dlma.com/habari
>>> It looked like the contents of this file:http://david.dlma.com/index.php_with_weird_eval_statement.txt, except
>>> Following the clues, I've got a subdirectory filled with a storefront
>>> $ ls -al
>>> It's probably just me, but you may want to check for eval calls where
>>> Luckily (or not), the storefront installed on my system was put into a
>>> Sorry if this actually had nothing to do with Habari. I don't know
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.