Hi. On Friday 22 July 2005 00:00, Rob Sims wrote: > On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote: > > way? What is currently possible in that respect on a machien that runs > > ssh, apache, php, exim and nothing else (all as of Debian 3.1)? > > Didn't one of your logs show overwriting the apache logs? Seems like > the attacker was trying to cover up something there.
Right. Although in that place the log file was pretty much unused, all hosts running had their own log files elsewhere. I checked the Apache advisories list, and nothing listed could have affected that server. At least not in a way to be able to log in and create a user. Karsten -- This email is ROT26 encrypted, by reading it you are in violation of the DMCA, and should turn yourself in to the authorities immediately. (Chris Berry) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]