Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
WEBLOGS PHP
2008-08-19	Johannes Ullrich	A morning stroll through my web logs
WEBLOGS
2023-07-23/a>	Guy Bruneau	Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2011-05-17/a>	Johannes Ullrich	A Couple Days of Logs: Looking for the Russian Business Network
2010-01-20/a>	Johannes Ullrich	Weathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com
2009-10-26/a>	Johannes Ullrich	Web honeypot Update
2008-08-19/a>	Johannes Ullrich	A morning stroll through my web logs
PHP
2024-03-29/a>	Xavier Mertens	Quick Forensics Analysis of Apache logs
2023-09-23/a>	Guy Bruneau	Scanning for Laravel - a PHP Framework for Web Artisants
2022-09-07/a>	Johannes Ullrich	PHP Deserialization Exploit attempt
2022-02-02/a>	Johannes Ullrich	Finding elFinder: Who is looking for your files?
2021-11-30/a>	Johannes Ullrich	Hunting for PHPUnit Installed via Composer
2020-06-05/a>	Remco Verhoef	Not so FastCGI!
2019-07-18/a>	Xavier Mertens	Malicious PHP Script Back on Stage?
2019-04-04/a>	Xavier Mertens	New Waves of Scans Detected by an Old Rule
2018-11-16/a>	Xavier Mertens	Basic Obfuscation With Permissive Languages
2018-07-11/a>	Remco Verhoef	Well, Hello Again Peppa!
2018-07-02/a>	Guy Bruneau	Hello Peppa! - PHP Scans
2018-06-13/a>	Xavier Mertens	A Bunch of Compromized Wordpress Sites
2018-05-06/a>	Guy Bruneau	Scans Attempting to use PowerShell to Download PHP Script
2017-09-14/a>	Xavier Mertens	Another webshell, another backdoor!
2017-08-07/a>	Xavier Mertens	Increase of phpMyAdmin scans
2017-02-28/a>	Xavier Mertens	Analysis of a Simple PHP Backdoor
2016-12-26/a>	Russ McRee	Critical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-07-13/a>	Xavier Mertens	Drupal: Patch released today to fix a highly critical RCE in contributed modules
2015-07-12/a>	Guy Bruneau	PHP 5.x Security Updates
2014-09-19/a>	Guy Bruneau	PHP Fixes Several Bugs in Version 5.4 and 5.5
2014-08-22/a>	Richard Porter	PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22/a>	Richard Porter	PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-16/a>	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-04-04/a>	Stephen Hall	PHP 5.4.27 released
2014-03-27/a>	Alex Stanford	Mass XSSodus in PHP
2013-10-25/a>	Johannes Ullrich	PHP.net compromise aftermath: Why Code Signing Beats Hashes
2013-10-24/a>	Johannes Ullrich	False Positive: php.net Malware Alert
2013-09-19/a>	Bojan Zdrnja	Arrays in requests, PHP and DedeCMS
2013-08-11/a>	Bojan Zdrnja	XATattacks (attacks on xat.com)
2013-08-04/a>	Johannes Ullrich	BBCode tag "[php]" used to inject php code
2013-06-07/a>	Daniel Wesemann	PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110
2013-02-22/a>	Chris Mohan	PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-17/a>	Russ McRee	PHP 5.4.11 and PHP 5.3.21 released
2012-09-19/a>	Russ McRee	Script kiddie scavenging with Shellbot.S
2012-06-14/a>	Johannes Ullrich	PHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow
2012-05-08/a>	Kevin Liston	PHP 5.4.3 and PHP 5.3.13 Released
2012-04-05/a>	Johannes Ullrich	Evil hides everywhere: Web Application Exploits in Headers
2012-03-07/a>	Johannes Ullrich	What happened to RFI attacks?
2012-02-07/a>	Johannes Ullrich	Secure E-Mail Access
2012-02-03/a>	Guy Bruneau	PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-02-03/a>	Johannes Ullrich	Critical PHP bug patched
2012-01-16/a>	Kevin Shortt	php 5.3.9 released -Jan-10-2011
2012-01-12/a>	Rob VandenBrink	PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-08-22/a>	Jim Clausing	DO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/
2011-08-18/a>	Rob VandenBrink	PHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1
2010-08-31/a>	Bojan Zdrnja	Interesting PHP injection
2010-08-10/a>	Daniel Wesemann	SSH - new brute force tool?
2010-07-04/a>	Manuel Humberto Santander Pelaez	Interesting analysis of the PHP SplObjectStorage Vulnerability
2010-06-14/a>	Manuel Humberto Santander Pelaez	Another way to get protection for application-level attacks
2010-05-23/a>	Manuel Humberto Santander Pelaez	e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-02-27/a>	Guy Bruneau	PHP 5.2.13 Security Update
2010-01-29/a>	Johannes Ullrich	Analyzing isc.sans.org weblogs, part 2, RFI attacks
2009-12-28/a>	Johannes Ullrich	8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-11-20/a>	Mark Hofman	PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related.
2009-08-01/a>	Deborah Hale	Website Warnings
2009-06-26/a>	Mark Hofman	PHPMYADMIN scans
2009-06-24/a>	Kyle Haugsness	Exploit tools are publicly available for phpMyAdmin
2009-06-21/a>	Scott Fendley	phpMyAdmin Scans
2009-04-07/a>	Johannes Ullrich	Common Apache Misconception
2009-02-03/a>	Swa Frantzen	On the importance of patching fast
2008-12-10/a>	Stephen Hall	PHP Group has released PHP version 5.2.8
2008-09-09/a>	Swa Frantzen	wordpress upgrade
2008-08-19/a>	Johannes Ullrich	A morning stroll through my web logs
2008-05-05/a>	John Bambenek	PHP 5.2.6 out w/ security updates
2006-12-24/a>	Swa Frantzen	phpBB 2.0.22 - upgrade time
2006-11-29/a>	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple
2006-09-13/a>	Swa Frantzen	PHP - shared hosters, take note.

WEBLOGS PHP

WEBLOGS

PHP