I have a buddy that is running RH9.0 with Apache 2.0.40 with FP extentions.
His web server got hacked into. They replaced the index page. They had their name of "Total Cha0s" on the index page.
Anyone know of a bug in apache that will allow this?
Here is a listing of the files they placed in the tmp dir.
[EMAIL PROTECTED] tmp]# ll
total 488
-rw-r--r-- 1 apache apache 757 Aug 22 00:20 dc.pl
-rwxrwxrwx 1 apache apache 19242 Aug 18 14:38 r0nin
-rw------- 1 apache apache 93 Aug 17 08:29 sess_bd2f85b4f15f7471f989baa66cdc2cbb
-rwxrwxrwx 1 apache apache 0 Aug 21 15:31 xiit
-rwxr-xr-x 1 apache apache 463529 Aug 22 00:21 xpl_brk
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.740 / Virus Database: 494 - Release Date: 8/16/2004
_______________________________________________ Apache-FP mailing list [EMAIL PROTECTED] http://lists.joshie.com/mailman/listinfo/apache-fp
Donations: http://www.amazon.com/paypage/PT5LZITM9L227
