Full Disclosure mailing list archives
Apache Security Problem - need help
From: Fabio Saber <php-sec () f-s at>
Date: Sun, 07 May 2006 20:01:49 +0200
Hallo Liste,ich stehe hier vor einem gröberen Problem. Auf mein System (Debian) wurde ein Angriff über (ich vermute mal) Apache (Apache/1.3.33) durchgeführt. Ich gehe davon aus, dass irgendwie Session Daten manipuliert worden sind und dadurch Dateien downgeloadet wurden.
Ein Auszug aus der Apache error.log zeigt folgendes: Hello list,I've some troubles with Apache (1.3.33) on a Debian system. I suppose that someone manipulated active sessions (PHP) and got access to my system.
A short extract from my apache error.log ------------------- error: 'kern.ostype' is an unknown key error: 'kern.osrelease' is an unknown keysh: line 1: cd: .sess_f345236263adsdadas2737237723: No such file or directory
--19:32:36-- http://mrx88.altervista.org/iroffer.tar => `iroffer.tar' Resolving mrx88.altervista.org... done. Connecting to mrx88.altervista.org[67.15.189.15]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 126,773 [application/x-tar]0K .......... .......... .......... .......... .......... 40% 66.14 KB/s 50K .......... .......... .......... .......... .......... 80% 146.63 KB/s 100K .......... .......... ... 100% 208.79 KB/s
19:32:38 (102.23 KB/s) - `iroffer.tar' saved [126773/126773] error: 'kern.ostype' is an unknown key error: 'kern.osrelease' is an unknown keysh: line 1: cd: .sess_f345236263adsdadas2737237723: No such file or directory
------------------- I can't understand why these lines are in the error.log?Also some other files have been loaded: http://mrx88.altervista.org/xhide.c and http://ninobuccheri86.altervista.org/zxcv.
The downloaded program has also been compiled and started. Thanks for help! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Apache Security Problem - need help Fabio Saber (May 07)
- Re: Apache Security Problem - need help ml3 () portsonline net (May 07)