Morgan Gangwere wrote: > On 7/15/06, Ricardo Kleemann <ricardo@xxxxxxxxxxxxxxx> wrote: >> Thanks Max. >> >> > A first look shows that the script "bots.txt" currently available >> targets >> > vulnerable installation of "Joomla" and "Mambo". There are some >> > vulnerabilities reported for the included phpBB and an extension called >> > perForms. >> <snip> > > does ANYBODY even know what bots.txt even DOES? Clearly not you. > bots.txt should look like this: > > accept all > reject altaVista > > look at virussin.com/bots.txt to see what it SHOULD do... its for > SEARCH EINGINES. the bot grabs it, looks at it, and it its on the > white list of eingines, it caches the site, if its on the blacklist > (reject), it sulks away into a corner... Don't confuse the widely known "robots.txt" file, which is the main component of the Web Robots Exclusion Standard, with a file that happens to be called "bots.txt" A cursory examination of this particular "bots.txt" file seems to indicate that it creates an IRC server. Ricardo: If this server is hosted for you, contact your host and inform them that the machine is probably compromised. They'll probably know what to do. If, instead, you operate the machine, then take it off the internet and backup any data you need from it, using a local network connection only. You will need to scan this data separately, to ensure it doesn't contain any hostile code. There are ways of disinfecting a server, but if you're not confident about your server management skills, the safest way is to format the disk and start again. Install a fresh OS, and before you put it on the internet look up and install: IPTables and an AntiVirus package (ClamAV?). It's a good opportunity to install up-to-date versions of all your apps, and ensure that you don't have out-of-date software on your machine. Good luck. p --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx