Security Basics mailing list archives
Re: Strange found in apache error.log
From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Mon, 05 Dec 2005 20:33:38 -0500
kc () mikrobit pl wrote:
Hi I found something like this in my apapche error.log
[snip]
And when I look in /tmp I found those 2 perl scripts: bot9.txt and bnc.txt
After that I look here #ps ax and I found 2 alien proccesses .. How could they get and run that scripts ??
A cursory glance suggests phpBB. Are you running that by chance? bnc.txt[1] is a BNC, implemented in Perl.bot9.txt[2] is also Perl, which is just what it sounds like -- a "bot" which connects to arcor.dal.net and joins "#pantaicrew". Server admins have been notified and, presumably, the channel was shutdown. Thanks to Arfie on DALnet for his assistance.
[1] http://www.jeremygaddis.com/files/bnc.txt [2] http://www.jeremygaddis.com/files/bot9.txt -j -- Jeremy L. Gaddis, GCWN http://www.jeremygaddis.com/"In theory, theory and reality are the same. In reality, they're different."
Current thread:
- Strange found in apache error.log kc (Dec 05)
- Re: Strange found in apache error.log ascii (Dec 05)
- Re: Strange found in apache error.log Security (Dec 05)
- Re: Strange found in apache error.log Gaddis, Jeremy L. (Dec 06)
- Root kits and host.deny Frynge.com Support (Dec 08)
- Re: Root kits and host.deny Scott B (Dec 08)
- Re: Root kits and host.deny Jeff Davis (Dec 08)
- Re: Root kits and host.deny Edward Krack (Dec 12)
- Re: Root kits and host.deny Gaddis, Jeremy L. (Dec 12)
- Message not available
- Re: Root kits and host.deny Gaddis, Jeremy L. (Dec 13)
- <Possible follow-ups>
- Re: Strange found in apache error.log arron (Dec 05)
- RE: Strange found in apache error.log Miguel Dilaj (Dec 06)