Re: (c 5.6) Running 2 versions of Apache ?




On Mon, Aug 29, 2011 at 3:14 PM, Always Learning <centos@xxxxxxxxxxx> wrote:
>
>> That probably means the intrusion is self-propagating.  That is, if
>> the target is running some vulnerable php version or application, it
>> is able to install a copy of itself and start over.
>
> In this particular incident, I am reasonably certain the loony is using
> tools to find vulnerable IPs and then manually feeding the address into
> his script.

That means he's not very good at it yet.  The ones you need to worry
about will send quick exploit tests cycling through different
destinations, that if they succeed will post to a central receiver.
Then later, likely from a different location, it will send the one
that attempts to escalate access to root and/or establish a connection
back for central control.  The point here being that an IP block
probably won't help much against an exploit that works well enough to
establish a distributed base.

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
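
The contrast drawn in the reply above, as an added example that is not part of the original message: a per-IP count (what an IP block keys on) next to a per-request view that groups by what was asked for. The log lines, the `/app/view.php` path, the thresholds and the function names are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Aug/2011:15:01:02 +0000] "GET /app/view.php?page=a HTTP/1.1" 200 512
198.51.100.7 - - [29/Aug/2011:15:01:09 +0000] "GET /app/view.php?page=b HTTP/1.1" 200 512
203.0.113.44 - - [29/Aug/2011:15:01:15 +0000] "GET /app/view.php?page=c HTTP/1.1" 200 512
192.0.2.10 - - [29/Aug/2011:15:20:00 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.99 - - [29/Aug/2011:15:45:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(log):
    """Yield (ip, time, signature); the signature keeps query keys, drops values."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, url, _status = m.groups()
        path, _, query = url.partition("?")
        keys = sorted(p.split("=", 1)[0] for p in query.split("&") if p)
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when, f"{method} {path}?{'&'.join(keys)}"

def noisy_ips(log, limit=5):
    """Per-IP view: sources with more than `limit` requests."""
    counts = Counter(ip for ip, _, _ in parse(log))
    return sorted(ip for ip, n in counts.items() if n > limit)

def distributed_signatures(log, min_sources=3, window=timedelta(seconds=60), ignore=()):
    """Per-request view: signatures sent by >= min_sources IPs inside one window."""
    events = defaultdict(list)
    for ip, when, sig in parse(log):
        if sig not in ignore:  # `ignore` holds signatures known to be ordinary traffic
            events[sig].append((when, ip))
    flagged = {}
    for sig, hits in events.items():
        hits.sort()
        for start, _ in hits:
            ips = {ip for t, ip in hits if start <= t <= start + window}
            if len(ips) >= min_sources:
                flagged[sig] = sorted(ips)
                break
    return flagged
```

On a busy site, popular pages also arrive from many addresses, so the flagged signatures are candidates for review and the `ignore` set has to be built from that site's normal traffic.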


