On 1/4/06, Gaby vanhegan <[EMAIL PROTECTED]> wrote: > Because they're in the default Apache error log, the attacker must > have hit a website on the machine that doesn't have an ErrorLog > defined, or they hit the machine by IP instead of a hostname. I got > a list of sites that have no error log (and would log to /var/www/ > logs/error_log) and checked their transfer logs. None of them had > any entries in them that correspond to any of the times on the wget > entries, so I learn nothing from this. There are earlier entries as > well, doing the same thing, but to a different site I would think php, but this doesn't explain it unless you turned the chroot off.
--knitti