Ok, so my intuition that somewhere I should find a corresponding entry in
an access log for one of the websites is correct, presumably somewhere
near the time of the timestamp from the error log.
So, this goes more into PHP than Apache but would presumably suggest
either a script allowing an upload or a query string that was exploited or
the like.
Thanks very much.
Jim.
On Sat, 28 Jan 2006, Joshua Slive wrote:
On 1/28/06, James R. Hay <[EMAIL PROTECTED]> wrote:
The entries below were found in the Apache error log while investigating on
apparent exploit. Thus far I have not found any corresponding access log entry
and I am wondering if this is an indication that the intruder gained a shell?
Close enough. It is the stderr from a broken script someplace, most
likely indicating that you have a compromised php script on your
system.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
James R. Hay [EMAIL PROTECTED]
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
