Re: httpd - mysql - paypal.com.tar - hacker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Gregory P. Ennis wrote:
> P.S. I found the following entry in my error_log of /var/log/httpd/ :
>
> [Sun Aug 16 04:26:19 2009] [info] Server built: Jul 14 2009 06:02:39
> --00:21:14--  http://code.go.ro/paypal.com.tar
> Resolving code.go.ro... 81.196.20.134
> Connecting to code.go.ro|81.196.20.134|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 645120 (630K) [application/x-tar]
> Saving to: `paypal.com.tar'
>   
....

looks like they spoofed something on your server, probably some kinda 
sloppy php,  into running wget.    I'd take a look at the access_log 
around the same timestamp to see if there any hints as to how they did this.

http://xkcd.com/327/


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux