Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Jose Marrero
Life is only probabilities...isn't it? A quick link for an overview: http://en.wikipedia.org/wiki/Referer_spam There are blacklists elsewhere, some updated every 15 minutes. On Mon, January 23, 2006 8:58 am, Christoph Ulrich Scholler said: > Hi, > > On 23.01. 07:46, Jose Marrero wrote: >> Apac

Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Christoph Ulrich Scholler
Hi, On 23.01. 07:46, Jose Marrero wrote: > Apache configured with mod_rewrite to deny blank or fake referers is a > good idea. How can you tell that a referrer is fake? Regards, uLI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECT

Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Jose Marrero
Just a couple of things: Apache configured with mod_rewrite to deny blank or fake referers is a good idea. Do you have apache configured with mod_security? I highly recommend this last one since you run an php based CMS and can protect from exploits not yet discovered. On Mon, January 23, 2006

Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Maik Holtkamp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Edward Shornock schrieb: > > On Mon, Jan 23, 2006 at 08:31:40AM +0100, Maik Holtkamp wrote: > > Hi, > > > > yesterday morning I found a strange entry in my apache log files (debian > > sarge, apache 1.3, mambo 4.5.3, kernel 2.4.31). It's a dyndns home

Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Edward Shornock
Oops...didn't trim enough of the response and curiosity made me research this. According to the sophos site: --cut-- Linux/Rst-B will attempt to infect all ELF executables in the current working directory and the directory /bin If Linux/Rst-B is executed by a privileged user then it may attempt

Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Edward Shornock
On Mon, Jan 23, 2006 at 08:31:40AM +0100, Maik Holtkamp wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > > yesterday morning I found a strange entry in my apache log files (debian > sarge, apache 1.3, mambo 4.5.3, kernel 2.4.31). It's a dyndns homelan > Server, just serving my F

Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Michael Loftis
--On January 23, 2006 8:31:40 AM +0100 Maik Holtkamp <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, yesterday morning I found a strange entry in my apache log files (debian sarge, apache 1.3, mambo 4.5.3, kernel 2.4.31). It's a dyndns homelan Server, just serv

Strange Apache log and mambo security - sexy executable

2006-01-22 Thread Maik Holtkamp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, yesterday morning I found a strange entry in my apache log files (debian sarge, apache 1.3, mambo 4.5.3, kernel 2.4.31). It's a dyndns homelan Server, just serving my Family and some good friends (normally). - ---cut--- 132.248.204.65 - - [19/Jan