heh after the 10 or so emails i got stating almost the same thing i said it was a mates box, NOT MINE.
how ever i did tell him to look at the logs and he did say there were alot of the following "\x80j\x01\x03\x01" but how can j be in there is what i dont get *shrug* ----- Original Message ----- From: "Cedric Blancher" <[EMAIL PROTECTED]> To: "VeNoMouS" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, March 12, 2004 12:13 PM Subject: Re: [Full-Disclosure] Apache 1.3.29 > Le jeu 11/03/2004 à 21:38, VeNoMouS a écrit : > > any one know if theres a new exploit for apache 1.3.29 in the wild one > > of my mates boxes was breached this morning by ir4dex appears they > > gained axx via apache then got root via mmap() > > Have you checked PHP and CGI stuff to see if there was a way to > compromise the host using them ? They are often a valuable to gain a > unpriviledged shell on web server. > > -- > http://www.netexit.com/~sid/ > PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE > >> Hi! I'm your friendly neighbourhood signature virus. > >> Copy me to your signature file and help me spread! > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html