httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Smith <>
Subject [users@httpd] RE: Possible hack attempt
Date Fri, 28 Oct 2011 22:31:58 GMT
> I was tasked on tracking down the cause of a perl process that is
> hanging on a client server.  The server is opensuse, pretty much out of
> the box, patched pretty current.  Anyway, below is the first log entry
> where it looks like someone attempted to run a perl script.  It also
> appears that a file was somehow saved.  Since I see that there is a url
> in it, I figured I'd ask others if they have seen this attack vector
> recently and what resolution path I might take.

Apparently the hack attempt came through via creloaded v6.4.1.  Not sure if this is a known
issue on their side.  We are running mod_suphp so it looks like the damage is limited to that
particular user id.  I'll probably rebuild the server just in case.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message