Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: php - a defacement file information request - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
php - a defacement file information request
A while back casus15.php was being found on a number of servers. According to one source at the time "Its a script that was created to excute system commands on your server using the system() function.". If you're running into casus15.php please drop us a note on your determination of how it was installed at your network.

casus15.php showed up a few times at Zone-H DIGITAL ATTACKS ARCHIVE.

Googlebot's capture of one system, that caught a SSH connection, scroll to the bottom and catch;
_ENV["SSH_CONNECTION"] 200.74.99.107 4172 217.160.240.17 22

Thanks!
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!