httpd-users mailing list archives

From "Ricardo Kleemann" <rica...@americasnet.com>
Subject Re: [users@httpd] Please help... apache hacked?
Date Sat, 15 Jul 2006 16:15:21 GMT
Thanks Max.

> A first look shows that the script "bots.txt" currently available targets 
> vulnerable installations of "Joomla" and "Mambo". There are some 
> vulnerabilities reported for the included phpBB and an extension called 
> perForms.

But how, in the first place, is Apache even downloading the bots.txt and 
then running it? Is it running in memory, since it's not anywhere in the 
filesystem?

And what commands can be run on port 80 to do the download/run of the 
script?

>
> The bot seems to join a specific IRC-chan waiting for commands and looking 
> for new vulnerable installations via google-searches.
>
> Perhaps you want to replace any wget-binaries with a shell script logging 
> environment and command-line switches to identify the document used to 
> retrieve the script.
>
>>  PLEASE HELP...
>>
>
> You should stop your Apache! :D
>
> .max
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> 
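
The wget replacement suggested in the quoted reply, sketched as an added example that is not part of the original thread: it records who called it, with which arguments and environment, and deliberately fetches nothing. The log path is an assumption, and the parent lookup relies on a Linux-style /proc.

```shell
#!/bin/sh
# Added example: logging stand-in for wget (not from the original thread).
# Assumption: the log path below is hypothetical and must be writable by
# the account the web server runs as.
WGET_LOG="${WGET_LOG:-/var/log/wget-wrapper.log}"

# Append one record: time, caller, working directory, arguments, environment.
log_invocation() {
    parent="unknown"
    # Linux-only: the parent's command line shows which process spawned us
    # (an httpd child, a CGI interpreter, a shell started by a script).
    if [ -r "/proc/$PPID/cmdline" ]; then
        parent=$(tr '\0' ' ' < "/proc/$PPID/cmdline") || parent="unknown"
    fi
    {
        printf '=== %s pid=%s ppid=%s uid=%s\n' \
            "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$$" "$PPID" "$(id -u)"
        printf 'parent: %s\n' "$parent"
        printf 'cwd: %s\n' "$(pwd)"
        # One argument per line so embedded spaces stay unambiguous.
        for arg in "$@"; do
            printf 'arg: %s\n' "$arg"
        done
        # When the caller is a CGI script, variables such as REQUEST_URI and
        # SCRIPT_FILENAME name the document that triggered the download.
        env | sort | sed 's/^/env: /'
        printf '\n'
    } 2>/dev/null >> "$WGET_LOG" || true
    return 0
}

# Act as wget only when installed under that name, so the file can also be
# sourced for testing without side effects.
case "${0##*/}" in
    wget)
        log_invocation "$@"
        # Refuse the download; a non-zero status tells the caller it failed.
        exit 1
        ;;
esac
```

Arguments or environment values containing newlines can span several log lines, so read each record as a whole up to the next `===` header.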


