Re: [users@httpd] Please help... apache hacked?


 



Thanks Max.

A first look shows that the script "bots.txt" currently available targets vulnerable installations of "Joomla" and "Mambo". There are some vulnerabilities reported for the included phpBB and an extension called perForms.

But how, in the first place, is Apache even downloading the bots.txt, and then running it? Is it running in-memory, since it's not anywhere in the filesystem?

And what commands can be run on port 80 to do the download/run of the script?


The bot seems to join a specific IRC-chan waiting for commands and looking for new vulnerable installations via google-searches.

Perhaps you want to replace any wget-binaries with a shell script logging environment and command-line switches to identify the document used to retrieve the script.

PLEASE HELP...


You should stop your Apache! :D

.max


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
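
The wget replacement suggested above (a shell script that logs environment and command-line switches), written out as an added example that is not part of the original thread. The location of the renamed real binary (/usr/bin/wget.real) and the log file (/var/log/wget-audit.log) are assumptions.

```shell
#!/bin/sh
# Added example: logging stand-in for wget. Assumptions (not from the thread):
# the real binary was moved to /usr/bin/wget.real and the log file is
# /var/log/wget-audit.log, writable by the account Apache runs as.
REAL_WGET="${REAL_WGET:-/usr/bin/wget.real}"
WGET_AUDIT_LOG="${WGET_AUDIT_LOG:-/var/log/wget-audit.log}"

# Command line of a process, read from /proc (Linux only); "unknown" elsewhere.
proc_cmdline() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        printf 'unknown'
    fi
}

# Append one record: who called wget, with which switches, in which environment.
log_invocation() {
    {
        printf '=== wget called %s ===\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
        printf 'pid=%s ppid=%s uid=%s cwd=%s\n' "$$" "$PPID" "$(id -u)" "$(pwd)"
        printf 'parent: %s\n' "$(proc_cmdline "$PPID")"
        n=0
        for arg in "$@"; do
            n=$((n + 1))
            printf 'argv[%d]=%s\n' "$n" "$arg"
        done
        # When the caller is a CGI script, variables such as REQUEST_URI,
        # QUERY_STRING, SCRIPT_FILENAME and REMOTE_ADDR name the document
        # and the request that led to the download.
        printf '%s\n' '--- environment ---'
        env | sort
        printf '\n'
    } >> "$WGET_AUDIT_LOG"
}

# Act as the wrapper only when installed under the name "wget".
case "${0##*/}" in
    wget)
        # Logging problems must not change what the caller sees.
        log_invocation "$@" 2>/dev/null
        exec "$REAL_WGET" "$@"
        ;;
esac
```

The log will contain whatever is in the caller's environment, so keep it readable by root only and remove the wrapper once the document that triggers the download has been identified.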







