Eddie Tejeda <[EMAIL PROTECTED]> wrote: > Someone was able to install zbind on my machine using the following scripts. > The damage was limited to www-data, a restricted user, and logs were able > to monitor behaviour, but posed a large threat. <snip>
I notice that the attacker tried a number of different URLs. Is it possible that there was a second version of awstats installed, aside from the packaged version, and that that was vulnerable to the configdir exploit? Ben. -- Ben Hutchings Everything should be made as simple as possible, but not simpler. - Albert Einstein
signature.asc
Description: This is a digitally signed message part