httpd-users mailing list archives

From "Philippe BEAU" <phili...@choup.net>
Subject [users@httpd] Found the origine of Fake in error_log
Date Tue, 30 Jan 2007 20:44:00 GMT
Hello all,

I found where the famous Fakename comes from ... It was a hack ...

Here is the trace from strace:

rt_sigaction(SIGCHLD, {SIG_DFL}, {0x8075920, [], SA_RESTORER, 0x44751868}, 8) = 0
execve("./yy", ["./yy", "-s", "\"/bin/bash\"", "./soft"], [/* 34 vars */]) = 0
uname({sys="Linux", node="yyy.xxx.com", ...}) = 0
set_tid_address(0)                      = -1 ENOSYS (Function not implemented)
brk(0)                                  = 0x804a6d4
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3


execve("/home/directory/temp/..././soft", ["\"/bin/bash\""], [/* 34 vars */]) = 0
uname({sys="Linux", node="yyy.xxx.com", ...}) = 0

Can anyone explain to me how to block this attempt? Is this an Apache
misconfiguration? For information, Apache is up to date ...

Philippe,






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
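
Added example (not part of the original message or of the Apache project): a Python triage script that reads strace output and flags execve calls like the second one in the trace above, where argv[0] names a different program than the file actually executed, or where the path contains a directory made only of dots. The function names and the third sample line (a benign call for contrast) are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the two execve lines from the trace above (wrapped lines
# rejoined) plus one benign call added for contrast.
SAMPLE_TRACE = r'''
execve("./yy", ["./yy", "-s", "\"/bin/bash\"", "./soft"], [/* 34 vars */]) = 0
execve("/home/directory/temp/..././soft", ["\"/bin/bash\""], [/* 34 vars */]) = 0
execve("/bin/ls", ["ls", "-l"], [/* 34 vars */]) = 0
'''

# execve("<path>", [<argv strings>], [<env>...  as printed by strace
EXECVE_RE = re.compile(r'execve\("((?:[^"\\]|\\.)*)",\s*\[(.*?)\],\s*\[')
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def unescape(s):
    """Undo strace's backslash escaping of quotes and backslashes."""
    return re.sub(r'\\(["\\])', r'\1', s)


def audit_execve(trace):
    """Return (path, argv0, reasons) for each execve call that looks disguised."""
    findings = []
    for m in EXECVE_RE.finditer(trace):
        path = unescape(m.group(1))
        argv = [unescape(a) for a in STRING_RE.findall(m.group(2))]
        # The trace shows argv[0] wrapped in literal quotes; drop them to compare.
        argv0 = argv[0].strip('"') if argv else ""
        reasons = []
        if os.path.basename(argv0) != os.path.basename(path):
            reasons.append("argv[0] does not match executed file")
        # A directory named only with dots (other than "." and "..") hides in listings.
        if any(set(p) == {"."} and len(p) > 2 for p in path.split("/")):
            reasons.append("dot-only directory in path")
        if reasons:
            findings.append((path, argv0, reasons))
    return findings


if __name__ == "__main__":
    for path, argv0, reasons in audit_execve(SAMPLE_TRACE):
        print(f"{path} runs as {argv0!r}: {'; '.join(reasons)}")
```

An argv[0] mismatch also has benign causes (login shells start as "-bash", for instance), so treat a hit as a lead for triage rather than proof of compromise.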

