Gregory P. Ennis wrote: > P.S. I found the following entry in my error_log of /var/log/httpd/ : > > [Sun Aug 16 04:26:19 2009] [info] Server built: Jul 14 2009 06:02:39 > --00:21:14-- http://code.go.ro/paypal.com.tar > Resolving code.go.ro... 81.196.20.134 > Connecting to code.go.ro|81.196.20.134|:80... connected. > HTTP request sent, awaiting response... 200 OK > Length: 645120 (630K) [application/x-tar] > Saving to: `paypal.com.tar' > .... looks like they spoofed something on your server, probably some kinda sloppy php, into running wget. I'd take a look at the access_log around the same timestamp to see if there any hints as to how they did this. http://xkcd.com/327/ _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: httpd - mysql - paypal.com.tar - hacker
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: httpd - mysql - paypal.com.tar - hacker
- From: John R Pierce <pierce@xxxxxxxxxxxx>
- Date: Fri, 21 Aug 2009 14:20:38 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <1250888923.3155.19.camel@xxxxxxxxxxxxxxx>
- References: <1250888923.3155.19.camel@xxxxxxxxxxxxxxx>
- User-agent: Thunderbird 2.0.0.23 (Windows/20090812)
- References:
- httpd - mysql - paypal.com.tar - hacker
- From: Gregory P. Ennis
- httpd - mysql - paypal.com.tar - hacker
- Prev by Date: Re: httpd - mysql - paypal.com.tar - hacker
- Next by Date: httpd - mysql - paypal.com.tar - hacker
- Previous by thread: Re: httpd - mysql - paypal.com.tar - hacker
- Next by thread: httpd - mysql - paypal.com.tar - hacker
- Index(es):
 |