Last week, I noticed an attack against my webserver very similar to this one. It doesn’t appear to have been successful, which is good.
Like any fellow server maintainers out there, I know that I will occasionally be the target of an anonymous persons ire. This week it was my turn. I run an Apache server with PHP for my personal projects, nothing important. I also run a number of apps to help me manage my server, like BASE to monitor my snort logs overkill for a personal server, yes I know, and phpMyAdmin to manage the database portion.
I made the mistake of thinking that one of my apps was secure, and the further mistake of not updating it to the most recent version of an app. I blame my busy schedule with school and work for not keeping it more up to date. Today, phpMyAdmin was the culprit.
via Blog Crossed Buns: Deconstruction of a Hack.
Update: Here’s code similar to that which someone attempted to post to my site. And here’s another site which got hit in a similar way.