[dev] [SECURITY] Horde was used to hack my system

Patrice Levesque horde.wayne at ptaff.ca
Wed Apr 12 08:40:41 PDT 2006


> I think there is a problem in /horde/services/help/index.php. This script was
> used to dump some files in my temp dir and to start an irc server. The logs
> are below. I haven't looked at the code yet. I'm scanning my system first.


1)  This was posted on horde-announce two weeks ago.
    http://marc.theaimsgroup.com/?l=horde-announce&m=114355248404792&w=2

    There is a notice on the HOME PAGE of horde since march 28th.
    http://www.horde.org/

2)  A mailing list is _never_ the place to discuss security issues.  Whatever the
    project.  Don't feed the crackers.
    http://www.horde.org/support.php


Don't want to be rude, but do your homework next time.

-- 
 --====|====--
    --------================|================--------
        Patrice Levesque
         http://ptaff.ca/
        horde.wayne at ptaff.ca
    --------================|================--------
 --====|====--
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.horde.org/archives/dev/attachments/20060412/68440931/attachment.bin


More information about the dev mailing list