On 7/15/06, Ricardo Kleemann <ricardo@xxxxxxxxxxxxxxx> wrote:
> Thanks Max.
>
>> A first look shows that the script "bots.txt" currently available targets
>> vulnerable installations of "Joomla" and "Mambo". There are some
>> vulnerabilities reported for the included phpBB and an extension called
>> perForms.
>
> But how, in the first place, is apache even downloading the bots.txt, and
> then, running it? Is it running in-memory, since it's not anywhere in the
> filesystem?
>
> And what commands can be run on port 80 to do the download/run of the script?
>
>> The bot seems to join a specific IRC-chan waiting for commands and looking
>> for new vulnerable installations via google-searches.
>>
>> Perhaps you want to replace any wget-binaries with a shell script logging
>> environment and command-line switches to identify the document used to
>> retrieve the script.
>>
>>> PLEASE HELP...
>>
>> You should stop your Apache! :D
>>
>> .max
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Does ANYBODY even know what bots.txt even DOES?

bots.txt should look like this:

    accept all
    reject altaVista

Look at virussin.com/bots.txt to see what it SHOULD do... it's for SEARCH ENGINES. The bot grabs it, looks at it, and if it's on the whitelist of engines, it caches the site; if it's on the blacklist (reject), it sulks away into a corner...

M-g

--
"Space does not reflect society, it expresses it."
-- Castells, M., Space of Flows, Space of Places: Materials for a Theory of Urbanism in the Information Age, in The Cybercities Reader, S. Graham, Editor. 2004, Routledge: London. p. 82-93.
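
Max's suggestion quoted above, replacing the wget binary with a shell script that logs its environment and command-line switches, could look like the following. This is an added example, not code from the thread; the log path, the WGET_TRAP_LOG variable and the function name are assumptions made for illustration, and the parent lookup assumes a Linux /proc.

```shell
#!/bin/sh
# Added example: logging stand-in for wget, used to find out what calls it.
# Assumptions: this file is installed under the name "wget" in place of the
# real binary; the log path and WGET_TRAP_LOG override are hypothetical.

WGET_TRAP_LOG="${WGET_TRAP_LOG:-/var/log/wget-trap.log}"

# Append one record describing the caller: time, process ids, working
# directory, every command-line argument, and the full environment.
wget_trap_record() {
    {
        echo "=== wget invoked $(date -u '+%Y-%m-%dT%H:%M:%SZ') ==="
        echo "pid=$$ ppid=$PPID uid=$(id -u) cwd=$(pwd)"
        # Parent command line (Linux /proc only): which process spawned us.
        if [ -r "/proc/$PPID/cmdline" ]; then
            echo "parent=$(tr '\0' ' ' < "/proc/$PPID/cmdline")"
        fi
        i=0
        for arg in "$@"; do
            i=$((i + 1))
            # One argument per line so embedded spaces stay unambiguous.
            printf 'arg[%d]=%s\n' "$i" "$arg"
        done
        # Under CGI the environment carries the request details
        # (REQUEST_URI, QUERY_STRING, SCRIPT_FILENAME, REMOTE_ADDR).
        echo "--- environment ---"
        env | sort
        echo "=== end ==="
    } >> "$WGET_TRAP_LOG"
}

# Act only when run under the name "wget": record the call, fetch nothing,
# and report failure to the caller.
case "${0##*/}" in
    wget)
        wget_trap_record "$@"
        exit 1
        ;;
esac
```

The log file must be writable by the user Apache runs as, otherwise no record is written.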