Trojan attacks

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

New php-forum User
New php-forum User
Posts: 1
Joined: Sat Mar 29, 2014 3:50 am

Trojan attacks

Postby tarzan055 » Sat Mar 29, 2014 3:59 am

Dear All,

i am running wordpress (latest) on windows 2003 with MySql server as usual. lately some one is trying to drop a trojan into my server. the message below i get in the eventviewer:

Name: Backdoor:PHP/SimpleShell.A
ID: 2147684280
Severity: Severe
Category: Backdoor
Path: file:_C:\WINDOWS\Temp\phpF0.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF2.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF4.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF6.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF8.tmp->[PHP];file:_C:\WINDOWS\Temp\phpFA.tmp->[PHP]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: servername\IUSR_servername
Process Name: C:\Program Files\PHP\php-cgi.exe

disabling File_Upload on php.ini solves the problem but i need the upload to be enables so my students will be able to upload files to the wordpress.

am running 5.2.13

any help is appreciated

Return to “Server security”

Who is online

Users browsing this forum: No registered users and 0 guests