Hello all,
i found from where come the famous Fakename ... Is was a hack ...
here is the trace from strace :
rt_sigaction(SIGCHLD, {SIG_DFL}, {0x8075920, [], SA_RESTORER, 0x44751868},
8) =
0
execve("./yy", ["./yy", "-s", "\"/bin/bash\"", "./soft"], [/* 34 vars */])
= 0
uname({sys="Linux", node="yyy.xxx.com", ...}) = 0
set_tid_address(0) = -1 ENOSYS (Function not
implemented)
brk(0) = 0x804a6d4
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
execve("/home/directory/temp/..././soft", ["\"/bin/bash\""],
[/* 34 vars */]) = 0
uname({sys="Linux", node="yyy.xxx.com", ...}) = 0
Is anyone can explain me on how to block this attempt ? is this an apache
misconfiguration ? For information, Apache is uptodate ...
Philippe,
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|