[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: [users@httpd] RE: Possible hack attempt
From: Gary Smith <gary.smith () holdstead ! com>
Date: 2011-10-28 22:31:58
Message-ID: 034DEBCAE934A74991E6E76B8DA72D1487176342BD () HSSBS ! holdstead ! local
[Download RAW message or body]
> I was tasked on tracking down the cause of a perl process that is
> hanging on a client server. The server is opensuse, pretty much out of
> the box, patched pretty current. Anyway, below is the first log entry
> where it looks like someone attempted to run a perl script. It also
> appears that a file was somehow saved. Since I see that there is a url
> in it, I figured I'd ask others if they have seen this attack vector
> recently and what resolution path I might take.
Apparently the hack attempt came through via creloaded v6.4.1. Not sure if=
this is a known issue on their side. We are running mod_suphp so it looks=
like the damage is limited to that particular user id. I'll probably rebu=
ild the server just in case.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic