Security Basics mailing list archives
RE: apache security newbie
From: "Vladimir Luna" <vladimir.luna () gmail com>
Date: Wed, 8 Jun 2005 20:11:32 +0200
Yes, sorry to say, the 'kiddies' has those kinda tools and uses it a lot from hacked boxes to scan broadly on *all* IP's of c-blocks, etc. Best solution is to allways keep your stuff updated. Due to the nature of such program i think its best not to direct anyone to them. I would recommend you to contact the isp that was trying to get into your box and alert them of possible intrusion into their system thats possible being used for scan's in order to try to break into your box. Sorry for my bad english. _______________________________________ Vladimir Luna Mail: vladimir.luna () gmail com ________________________________________
-----Original Message----- From: Dominik Kallusky [mailto:D.Kallusky () gmx net] Sent: Tuesday, June 07, 2005 5:38 PM To: security-basics () securityfocus com Subject: RE: apache security newbie There are scripts, that scan for the awstats vulnerability? Does anyone know more about that, or has a link?--- Ursprüngliche Nachricht --- Von: "Vladimir Luna" <vladimir.luna () gmail com> An: <security-basics () securityfocus com> Betreff: RE: apache security newbie Datum: Mon, 6 Jun 2005 18:55:41 +0200 This seams as 'usual' scans for exploit of awstats.pl The most used exploits that i have come by is hacks doneon awstats.plphpbb´s and on ikonboard why its important to update theseoften, andlook if some new security issue has come around regarding those. regarding the phpbb; It is often a PHP/phpbb overflowexploit. They getsan irc bot uploaded into /tmp and uses one of the users toexecute it;Being able to execute it using webserver nobody:nobodypermissions. Theythen uses the ircbot to ddos around. Its also known that That systems are often compromisedthrough a RemoteCommand Execution Vulnerability in awstats 6.1: (or otherversions) asexplaned on;http://www.idefense.com/application/poi/display?id=185&type=vu
lnerabilit
ies&flashstatus=true This last one is what it seams that they were scanning for in your system to try to exploit. Many times the site from where the scan is being done is compromised machine aswell. I usally reports them back to the isp, wich i
recommend
that you do. Best regards, _______________________________________ Vladimir Luna Mail: vladimir.luna () gmail com ________________________________________
-- Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis ++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
Current thread:
- apache security newbie voyager123bg (Jun 06)
- RE: apache security newbie Vladimir Luna (Jun 06)
- RE: apache security newbie Dominik Kallusky (Jun 08)
- RE: apache security newbie Vladimir Luna (Jun 08)
- RE: apache security newbie Dominik Kallusky (Jun 08)
- <Possible follow-ups>
- RE: apache security newbie Vladimir Luna (Jun 08)
- RE: apache security newbie Vladimir Luna (Jun 06)