Thanks Max.
A first look shows that the script "bots.txt" currently available targets
vulnerable installations of "Joomla" and "Mambo". There are some
vulnerabilities reported for the included phpBB and an extension called
perForms.
But how, in the first place, is Apache even downloading the bots.txt, and
then running it? Is it running in memory, since it's not anywhere in the
filesystem?
And what commands can be run on port 80 to do the download/run of the
script?
The bot seems to join a specific IRC-chan, waiting for commands and looking
for new vulnerable installations via Google searches.
Perhaps you want to replace any wget binaries with a shell script logging
environment and command-line switches to identify the document used to
retrieve the script.
PLEASE HELP...
You should stop your Apache! :D
.max
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
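
The wget replacement suggested in the message above, sketched as an added example (it is not code from the thread or from the Apache project). It assumes the real binary has been moved to the path in `REAL_WGET` and that the web server user can append to `LOG`; both paths and the `WGET_WRAP_LOG` variable are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: logging stand-in for wget, to find out which request or
# script on the web server triggers the download.
# Assumed (hypothetical) locations; adjust to the host being examined.
REAL_WGET="${REAL_WGET:-/usr/local/libexec/wget.real}"
LOG="${WGET_WRAP_LOG:-/var/log/wget-wrap.log}"

# Append one record describing who called us and with what arguments.
log_invocation() {
    {
        printf '=== %s pid=%s ppid=%s uid=%s\n' \
            "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$$" "$PPID" "$(id -u)"
        printf 'cwd: %s\n' "$(pwd)"
        # Parent command line: usually the httpd child or a shell it spawned.
        printf 'parent: %s\n' "$(ps -o args= -p "$PPID" 2>/dev/null || true)"
        i=0
        for arg in "$@"; do
            i=$((i + 1))
            # Flatten newlines so an argument cannot forge extra log lines.
            printf 'argv[%d]: %s\n' "$i" \
                "$(printf '%s' "$arg" | tr '\n\r' '  ')"
        done
        # Request variables exist only when the caller is a CGI-style child;
        # their absence (e.g. under mod_php) is itself a clue.
        for var in REQUEST_URI QUERY_STRING SCRIPT_FILENAME REMOTE_ADDR \
                   HTTP_USER_AGENT HTTP_REFERER; do
            eval "val=\${$var-}"    # var comes from the fixed list above
            if [ -n "$val" ]; then
                printf 'env %s=%s\n' "$var" \
                    "$(printf '%s' "$val" | tr '\n\r' '  ')"
            fi
        done
        printf '\n'
    } >>"$LOG"
}

# Act only when installed under the name "wget"; then hand over to the
# real binary so the caller sees normal behaviour.
case "${0##*/}" in
    wget)
        log_invocation "$@"
        exec "$REAL_WGET" "$@"
        ;;
esac
```

The `cwd`, `parent` and `SCRIPT_FILENAME` fields are the ones that point back to the vulnerable document; match the timestamp against the Apache access log to find the request.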