Re: Apache hacks (./atac, d0s.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Apache hacks (./atac, d0s.txt)
From: "a.list.address@xxxxxxxxx" <a.list.address@xxxxxxxxx>
Date: Sat, 30 Apr 2005 22:11:48 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=NxCqcv8pCEzEVIJB+C8AWcvppi6lURrKcPjlm/Z5jX3zWbKZT5cjpKjKIJGEwUNvOnt29L7DAHKfRe+dx8MEdNrXd0XqqMM7NfjYk1299xqHArc7QIj8qG4Bx/PXxXfL+YICYX/BT33aIL5wXn9NJaX0iF+RyKhPF+2hO7n66Gw=
In-reply-to: <20050429190358.GA3757@AndrewNg.com>
References: <20050429190358.GA3757@AndrewNg.com>
Reply-to: "a.list.address@xxxxxxxxx" <a.list.address@xxxxxxxxx>

Looks like someone was trying to use your server as a DDoS zombie. 
What kind of Perl or PHP scripts are on your server?  Look in your
Apache access log for POST requests that may have uploaded one of
these files, or GET/POST requests that may have uploaded a URL to
download one of these files.  See if you can figure out how it got on
your server.

Follow-Ups:
- Re: Apache hacks (./atac, d0s.txt)
  - From: Nick Bright

References:
- Apache hacks (./atac, d0s.txt)
  - From: Andrew Y Ng

Prev by Date: Insecure pty permissions in OS X < 10.4
Next by Date: Microsoft WINS Vulnerability + OS/SP Scanner
Previous by thread: Apache hacks (./atac, d0s.txt)
Next by thread: Re: Apache hacks (./atac, d0s.txt)
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux