Interesting stuff! (Although only marginally about DokuWiki) Googling "namogofer" or its md5('f') response gets hundreds of hits, so I assume there are a significant number of compromised hosts. Any idea what the target app was? Todd Augsburger todd@xxxxxxxxxxxxxxxx Roller Organs www.rollerorgans.com -------------------------------------------------- From: "Jonathan Dill" <jonathan@xxxxxxxxx> Sent: Monday, February 11, 2008 1:54 PM To: <dokuwiki@xxxxxxxxxxxxx> Subject: [dokuwiki] Re: attempt to use possible vulnerability of dokuwiki Someone with whom I have been discussing this just_a_test set up a honeypot to find out what else happens with this infection: http://web.dtbaker.com.au/post/catching_echo_md5_just_a_test_exploit_attempts.html Seems to drop a file called namogofer.php in all of the directories in the web tree. Jonathan -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist