Board index   FAQ   Search  
Register  Login
Board index System Administration Server security

Trojan attacks

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

Trojan attacks

Postby tarzan055 » Sat Mar 29, 2014 3:59 am

Dear All,

i am running wordpress (latest) on windows 2003 with MySql server as usual. lately some one is trying to drop a trojan into my server. the message below i get in the eventviewer:

Name: Backdoor:PHP/SimpleShell.A
ID: 2147684280
Severity: Severe
Category: Backdoor
Path: file:_C:\WINDOWS\Temp\phpF0.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF2.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF4.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF6.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF8.tmp->[PHP];file:_C:\WINDOWS\Temp\phpFA.tmp->[PHP]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: servername\IUSR_servername
Process Name: C:\Program Files\PHP\php-cgi.exe

disabling File_Upload on php.ini solves the problem but i need the upload to be enables so my students will be able to upload files to the wordpress.

am running 5.2.13

any help is appreciated
tarzan055
New php-forum User
New php-forum User
 
Posts: 1
Joined: Sat Mar 29, 2014 3:50 am

Return to Server security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.