httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John" <isofr...@cc.uoi.gr>
Subject Re: [users@httpd] Weird error logs
Date Tue, 08 Feb 2005 17:11:12 GMT

----- Original Message ----- 
From: "Jeremy Hilton" <jeremy-list@adtcs.com>
To: <users@httpd.apache.org>
Sent: Tuesday, February 08, 2005 7:04 PM
Subject: Re: [users@httpd] Weird error logs


> On 2/8/05 6:32 AM, "John" <isofroni@cc.uoi.gr> wrote:
>
> >
> > ----- Original Message -----
> > From: "Eimantas Vaiči?nas" <eimantas.vaiciunas@sc.vu.lt>
> > To: <users@httpd.apache.org>
> > Sent: Tuesday, February 08, 2005 12:27 PM
> > Subject: Re: [users@httpd] Weird error logs
> >
> >
> >> On Tuesday 08 February 2005 11:44, John wrote:
> >>> in my error_log i noticed that errors
> >>>
> >>>
> >>> gunzip: stdout: Broken pipe
> >>>
> >>> gunzip: stdout: Broken pipe
> >>>
> >>> gunzip: stdout: Broken pipe
> >>>
> >>>
> >>> Does anyone know what does this mean?
> >>> I use Apache/1.3.28 (Linux/SuSE) PHP/4.3.3
> >>>
> >>> Thanks in advance.
> >> Don't mind errors, update your apache and php :-)
> >> -- 
> >> Eimantas Vaiči?nas
> >> VU Skaičiavimo centras
> >>
> >> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP Server
Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >>
> >
> > I have the apache patched with the latest patch that Suse issued
> > (apache-1.3.28-77)
> >
> > I cannot see any odd message in the /var/log/messages , not even in the
> > /var/log/warn.
> >
> > How can these errors be produced?
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
> Are you using any software like PHPBB? In an older version of PHPBB there
> was vulnerability that allowed attackers to run system commands by query
> string manipulation. They could do nasty little things like wget a perl
> script into /tmp and then execute it. The perl script would open up a
> backdoor on a high numbered port.
>
> The output of the wget command would show up in your apache logs.
>
> I would suggest greping your access logs for gunzip.
>
> Jeremy
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>

I found nothing using a

#egrep gunzip access_log

I dont use phpbb2, just a php script (which doesn;'t receive anything from
the URL ($_GET[])



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message