Hi,
thanks folks a lot for all hints.
Now I found that the connects came indeed from the other.host.name
(192.168.0.2), but I didn't find out which user it was.
However, I'm no longer sure wether it was was some kind of code
injection, as more as I do not know how the guys did it exactly.
And
Hello Andreas,
Friday, September 24, 2004, 12:53:44, you wrote:
> Can you imagine some kind of "code injection" in this case? E.g., an
> HTTP-POST with some "nice" PHP code inside? Well, the web server logs
> don't show up something appropriate, but who knows...?
hmm... are those db connect at
Hi
On 2004-09-24 Andreas Vent-Schmidt wrote:
> On the servers in questions are no customers - it's a dedicated system
> for only one customer. All the web programming an so on is done only by
> myself (well, I hope so ;-). But, there are some POP accounts and also
> an smtpd (no ftpd).
Do a "t
Hi Marek,
thanks for your quick reply.
On the servers in questions are no customers - it's a dedicated system
for only one customer. All the web programming an so on is done only by
myself (well, I hope so ;-). But, there are some POP accounts and also
an smtpd (no ftpd).
Can you imagine some
Hello Andreas,
These connections can be from php. One of your customers is maybe
trying something...
Friday, September 24, 2004, 11:59:38, you wrote:
> - As the logfile says, the connection attempt came from
> other.host.name (which is in the 192.168.0.0 network), not from
> outside. Is this
Hi Folks,
now I've got another riddle for you... ;-)
I have a pair of two Debian boxes acting as LAMP system; one is the web
server (Apache 1.3.29, mod_gzip/1.3.26.1a, PHP 4.3.8), the other one
act as the database server (MySQL 4.0.20-log - latest release from
backports.org). The servers are c
6 matches
Mail list logo
