Re: [users@httpd] Please help... apache hacked?

Ricardo Kleemann <ricardo@xxxxxxxxxxxxxxx> wrote:
Thanks Max.

> A first look shows that the script "bots.txt" currently available targets
> vulnerable installations of "Joomla" and "Mambo". There are some
> vulnerabilities reported for the included phpBB and an extension called
> perForms.

But how, in the first place, is Apache even downloading the bots.txt, and
then running it? Is it running in-memory, since it's not anywhere in the
filesystem?

And what commands can be run on port 80 to do the download/run of the
script?

>
> The bot seems to join a specific IRC-chan waiting for commands and looking
> for new vulnerable installations via google-searches.
>
> Perhaps you want to replace any wget-binaries with a shell script logging
> environment and command-line switches to identify the document used to
> retrieve the script.
>
>> PLEASE HELP...
>>
>
> You should stop your Apache! :D
>
> .max
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>




Just my two cents (which are probably wrong :) ), but have you checked any cron jobs that may be running?

Dave
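
The logging stand-in for wget suggested in the quoted reply above, written out as an added example (not code from any poster in this thread). The log path and the list of environment variables are assumptions; the request variables appear only when the caller is a CGI process that has them in its environment.

```shell
#!/bin/sh
# Added example: install under the name "wget" after moving the real binary aside.
# It records who called it and with what, then refuses to download anything.
WGET_LOG="${WGET_LOG:-/var/log/wget-trap.log}"   # assumed path; must be writable by the Apache user

# Append one record: time, pid/ppid/uid, cwd, parent command line,
# every argument, and the request-related environment variables.
log_wget_call() {
    logfile=$1; shift
    {
        printf '=== %s pid=%s ppid=%s uid=%s\n' \
            "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$$" "$PPID" "$(id -u)"
        printf 'cwd: %s\n' "$(pwd)"
        # Linux /proc: command line of the process that spawned us.
        if [ -r "/proc/$PPID/cmdline" ]; then
            printf 'parent: %s\n' "$(tr '\0' ' ' < "/proc/$PPID/cmdline")"
        fi
        n=0
        for arg in "$@"; do
            n=$((n + 1))
            printf 'argv[%d]: %s\n' "$n" "$arg"
        done
        # CGI variables name the request and the script that handled it.
        env | grep -E '^(REQUEST_URI|QUERY_STRING|SCRIPT_FILENAME|SCRIPT_NAME|REMOTE_ADDR|SERVER_NAME|HTTP_[A-Z_]+)=' | sort
    } >> "$logfile"
}

# Act as the trap only when invoked under the name "wget".
case "${0##*/}" in
    wget)
        log_wget_call "$WGET_LOG" "$@"
        exit 1   # fail the download so the fetched script never lands on disk
        ;;
esac
```

Matching the logged REQUEST_URI, or failing that the timestamp and parent process, against the Apache access log points to the request and the document that triggered the download.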
