| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <445E37B8.8060108@portsonline.net> Date: Sun May 7 19:09:03 2006 From: ml3 at portsonline.net (ml3@...tsonline.net) Subject: Apache Security Problem - need help Fabio Saber wrote: > Ich gehe davon aus, dass irgendwie Session Daten manipuliert worden sind > und dadurch Dateien downgeloadet wurden. > > Ein Auszug aus der Apache error.log zeigt folgendes: Schalt deinen Server ab. Sofort. > I've some troubles with Apache (1.3.33) on a Debian system. I suppose > that someone manipulated active sessions (PHP) and got access to my system. > A short extract from my apache error.log Disconnect your machine from the internet. Immediately. > ------------------- > error: 'kern.ostype' is an unknown key > error: 'kern.osrelease' is an unknown key > sh: line 1: cd: .sess_f345236263adsdadas2737237723: No such file or > directory > --19:32:36-- http://mrx88.altervista.org/iroffer.tar iroffer is a software program that acts as a fileserver for IRC. It is similar to a FTP server or WEB server, but users can download files using the DCC protocol of IRC instead of a web browser. > I can't understand why these lines are in the error.log? > Also some other files have been loaded: > http://mrx88.altervista.org/xhide.c and Process Faker > http://ninobuccheri86.altervista.org/zxcv. Iroffer Configuration file > The downloaded program has also been compiled and started. Congratulations *cough*. You're the 'owner' of a nice warez-server now. ports
Powered by blists - more mailing lists