> I was tasked on tracking down the cause of a perl process that is > hanging on a client server. The server is opensuse, pretty much out of > the box, patched pretty current. Anyway, below is the first log entry > where it looks like someone attempted to run a perl script. It also > appears that a file was somehow saved. Since I see that there is a url > in it, I figured I'd ask others if they have seen this attack vector > recently and what resolution path I might take.
Apparently the hack attempt came through via creloaded v6.4.1. Not sure if this is a known issue on their side. We are running mod_suphp so it looks like the damage is limited to that particular user id. I'll probably rebuild the server just in case. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
