Full Disclosure mailing list archives
Re: Apache Security Problem - need help
From: "ml3 () portsonline net" <ml3 () portsonline net>
Date: Sun, 07 May 2006 20:08:56 +0200
Fabio Saber wrote:
Ich gehe davon aus, dass irgendwie Session Daten manipuliert worden sind und dadurch Dateien downgeloadet wurden.Ein Auszug aus der Apache error.log zeigt folgendes:
Schalt deinen Server ab. Sofort.
I've some troubles with Apache (1.3.33) on a Debian system. I suppose that someone manipulated active sessions (PHP) and got access to my system.A short extract from my apache error.log
Disconnect your machine from the internet. Immediately.
------------------- error: 'kern.ostype' is an unknown key error: 'kern.osrelease' is an unknown keysh: line 1: cd: .sess_f345236263adsdadas2737237723: No such file or directory--19:32:36-- http://mrx88.altervista.org/iroffer.tar
iroffer is a software program that acts as a fileserver for IRC. It is similar to a FTP server or WEB server, but users can download files using the DCC protocol of IRC instead of a web browser.
I can't understand why these lines are in the error.log?Also some other files have been loaded: http://mrx88.altervista.org/xhide.c and
Process Faker
http://ninobuccheri86.altervista.org/zxcv.
Iroffer Configuration file
The downloaded program has also been compiled and started.
Congratulations *cough*. You're the 'owner' of a nice warez-server now. ports _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Apache Security Problem - need help Fabio Saber (May 07)
- Re: Apache Security Problem - need help ml3 () portsonline net (May 07)