On Wed, 15 Mar 2006, Gaby vanhegan wrote: > Hi, > > I'm running 3.6 (yes, due for an upgrade) and I keep getting hit by > some hackers that are using a bug I can't track down to download perl > scripts into /tmp: > > <SNIPPED> > > 1. How do I find out their attack vector? I have had a nessus scan > performed on the machine, but it did not present any security (I can > supply on request). I've checked the security releases in > security.html and there are no pertinent ones for httpd. Snort has > provided little useful information (I can provide access to the snort > logs if required).
Would you be running phpbb? It bit my ass in a very similar fashion.