Re: [users@httpd] Please help... apache hacked?

Sun, 16 Jul 2006 12:03:14 -0700



Ricardo Kleemann <[EMAIL PROTECTED]> wrote:
Thanks Max.

> A first look shows that the script "bots.txt" currently available targets
> vulnerable installation of "Joomla" and "Mambo". There are some
> vulnerabilities reported for the included phpBB and an extension called
> perForms.

But how in the first place, is apache even downloading the bots.txt, and
then, running it? Is it running in-memory, since it's not anywhere in the
filesystem ?

And what commands can be run on port 80 to do the download/run of the
script?

>
> The bot seems to join a specific IRC-chan waiting for commands and looking
> for new vulnerable installations via google-searches.
>
> Perhaps you want to replace any wget-binaries with a shell script logging
> environment and command-line switches to identify the document used to
> retrieve the script.
>
>> PLEASE HELP...
>>
>
> You should stop your Apache! :D
>
> .max
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Just my two cents (which are probably wrong :) ), but have your checked any cron jobs that may be running?

Dave

Reply via email to