You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe
A external attacker is taking leverage of the additional_webservices file used for PPT to PNG conversion to run arbitrary code with the user running PHP which on my case was containted (thankfully) using ISPconfig
To Reproduce
Steps to reproduce the behavior:
Attackers send a POST SOAP request with an embedded base64 encrypted bash command to download new scripts, so far they did cryptomining and SPAM mailing using an automatic client
Describe
A external attacker is taking leverage of the additional_webservices file used for PPT to PNG conversion to run arbitrary code with the user running PHP which on my case was containted (thankfully) using ISPconfig
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Not let attackers mine on your server? :)
Screenshots
Attacker IP: 103.214.112.10
Desktop (please complete the following information):
**Server
The text was updated successfully, but these errors were encountered: