httpd-users mailing list archives

From John <>
Subject Re[2]: [users@httpd] I've been hacked, I need some help please...
Date Mon, 21 Mar 2005 20:11:44 GMT

From: <>
To: <>
Date: Monday, March 21, 2005, 9:45:51 PM
Subject: [users@httpd] I've been hacked, I need some help please...

  Monday, March 21, 2005, 9:45:51 PM, you wrote:

> I got the same problem one month ago. I was running awstats (log statistics);
> anyway, they got access to /tmp, wrote some files and executed the telnet
> program. At first I thought, well, this can't be, the firewall blocks everything
> except port 80. I found the code for the exploit and, bad news, the exploit
> connects to a remote machine and gives a telnet shell on the remote machine.
> After that I'm blocking outgoing ports too. Too bad for me and my laziness.
> Those stupid things made me work 28 hs non-stop.

> Also found a lot of backdoors. I don't know if they were working at all, but
> they were running on ports already in use, like port 80 and 21, and lots of modified
> files like ps, who, ftpwho and some freaking ftp server (gssftp) which, with
> some very weird install instructions, gave root access to remote users. At
> this point I was sure it was a script kiddie, but found evidence of more than
> one attacker.

> My point is I could NEVER feel safe just fixing things. So I reinstalled.

> Angelo

> ----- Original Message ----- 
> From: "Ivan Barrera A." <>
> To: <>
> Sent: Wednesday, March 16, 2005 9:51 AM
> Subject: Re: [users@httpd] I've been hacked, I need some help please...

So you think that was an awstats exploit that let the intruder
install the telnet program?

Which awstats version were you using?

Thanks in advance

