Package: webalizer
Followup-For: Bug #622897
Moritz, I believe that the initial attack was through webalizer because
the path /var/www/.webalizer contained php injections which gave the
attackers their initial shell, which was first used to host a phishing
form which was also under /var/www/we
Package: webalizer
Version: 2.01.10-32.4
Followup-For: Bug #622897
More info:
Where I was actually USING webalizer, on production sites, was shielded
behind Apache digest authentication - and thus was not exposed or
attacked. What I had not realized was that just installing webalizer
from re
Package: webalizer
Version: 2.01.10-32.4
Severity: critical
Tags: security
Justification: root security hole
A server I admin running Debian Lenny with the current version of
webalizer installed was exploited through webalizer. Once the attackers
had a shell, they used an unknown, presumably l
3 matches
Mail list logo