httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Randy McMillan" <ra...@pacinfo.com>
Subject Re: [users@httpd] hacker access shown in error.log
Date Thu, 02 Oct 2003 18:07:16 GMT

----- Original Message ----- 
From: "Dirk-Willem van Gulik" <dirkx@webweaving.org>
To: <users@httpd.apache.org>
Sent: Thursday, October 02, 2003 10:08 AM
Subject: Re: [users@httpd] hacker access shown in error.log


>
>
> On Thu, 2 Oct 2003, Randy McMillan wrote:
>
> > just did, then it would seem to be a configuration issue and I could use
> > some hints.  I googled some of the program names, but didn't come up
with
> > anything specific.
>
> It is a small deamon which typically sits on port 55555 and connects any
> incoming connection (telnet) through to a /bin/sh running as the user it
> was started as. It appears in your PS listing pretending to be called
> 'httpd' or as '/usr/local/apache/httpd'. (It sets argv[0]).
>
> Dw
>

Thanks.  I found the 'httpd' in a PS log (created via cron job), but how is
it started via the web server?

Randy.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message