RE: apache security newbie

["Dominik Kallusky" <D.Kallusky () gmx net>]

There are scripts, that scan for the awstats vulnerability?
Does anyone know more about that, or has a link?

> --- Ursprüngliche Nachricht ---
> Von: "Vladimir Luna" <vladimir.luna () gmail com>
> An: <security-basics () securityfocus com>
> Betreff: RE: apache security newbie
> Datum: Mon, 6 Jun 2005 18:55:41 +0200
>
> This seams as 'usual' scans for exploit of awstats.pl 
> The most used exploits that i have come by is hacks done  on awstats.pl
> phpbb´s and on ikonboard why its important to update these often, and
> look if some new security issue has come around regarding those.
> regarding the phpbb; It is often a PHP/phpbb overflow exploit. They gets
> an irc bot uploaded into /tmp and uses one of the users to execute it;
> Being able to execute it using webserver nobody:nobody permissions. They
> then uses the ircbot to ddos around. 
> Its also known that  That systems are often compromised through a Remote
> Command Execution Vulnerability in awstats 6.1: (or other versions) as
> explaned on; 
> http://www.idefense.com/application/poi/display?id=185&type=vulnerabilit
> ies&flashstatus=true 
>
> This last one is what it seams that they were scanning for in your
> system to try to exploit. 
> Many times the site from where the scan is being done is compromised
> machine aswell. I usally reports them back to the isp, wich i recommend
> that you do. 
>
> Best regards, 
>
> _______________________________________
>             Vladimir Luna 
>     Mail: vladimir.luna () gmail com
> ________________________________________

-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++