xx.xxx.xx.xx GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1 200 14049 -
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
xx.xxx.xxx.xx POST /admin/phpmyadmin/scripts/setup.php HTTP/1.1 200 -
http://xxx.xx.xx.xx/admin/phpmyadmin/scripts/setup.php\r; Mozilla/4.0
Thanks a lot to everyone who help me to solve the problem.
I had installed phpmyadmin and they used it to attack my server.
I found this in /var/log/httpd/access_log
Cheers
Luisa
On Fri, January 13, 2012 20:48, Luisa Ester Navarro wrote:
Thanks a lot to everyone who help me to solve the problem.
I had installed phpmyadmin and they used it to attack my server.
I found this in /var/log/httpd/access_log
So which measures did you take into account to fix the problem?
At 04:48 PM 1/13/2012 -0300, you wrote:
Thanks a lot to everyone who help me to solve the problem.
I had installed phpmyadmin and they used it to attack my server.
I found this in /var/log/httpd/access_log
Was your compile of apache2 prefork or worker? And could you be a
little more explicit
Date: Fri, 13 Jan 2012 15:32:55 -0500
To: users@httpd.apache.org
From: storm...@stormy.ca
Subject: Re: [users@httpd] attack on apache - solved -
At 04:48 PM 1/13/2012 -0300, you wrote:
Thanks a lot to everyone who help me to solve the problem.
I had installed phpmyadmin
From: luisa2...@hotmail.com
To: users@httpd.apache.org
Subject: RE: [users@httpd] attack on apache
Date: Wed, 11 Jan 2012 16:15:14 -0300
Date: Mon, 9 Jan 2012 17:30:21 +
From: tevans...@googlemail.com
To: users@httpd.apache.org
Subject: Re: FW: [users@httpd] attack on apache
On 01/11/2012 08:24 PM, Luisa Ester Navarro wrote:
From: luisa2...@hotmail.com
To: users@httpd.apache.org
Subject: RE: [users@httpd] attack on apache
Date: Wed, 11 Jan 2012 16:15:14 -0300
Date: Mon, 9 Jan 2012 17:30
On 11/01/12 21:35, Jeroen Geilman wrote:
In /var/log/httpd/error_log I see hink like this
sh: del comand no found
sh: xx Permission denied
I need help !
1. Stop apache.
2. investigate which leaky, creaky or lousy PHP script allowed this
exploit.
3. remove the bad script.
4. Remount
On 01/11/2012 09:10 PM, Jaco Kroon wrote:
On 11/01/12 21:35, Jeroen Geilman wrote:
In /var/log/httpd/error_log I see hink like this
sh: del comand no found
sh: xx Permission denied
I need help !
1. Stop apache.
2. investigate which leaky, creaky or lousy PHP script allowed this
exploit.
Date: Wed, 11 Jan 2012 21:13:53 +0100
From: jer...@adaptr.nl
To: users@httpd.apache.org
Subject: Re: [users@httpd] attack on apache
On 01/11/2012 09:10 PM, Jaco Kroon wrote:
On 11/01/12 21:35, Jeroen Geilman wrote
any idea how to start researching which is the leaky script
Checking the access log for the same ip that was getting the errors you
found in the error_log is a good start.
-
The official User-To-User support
On 01/11/2012 10:10 PM, Jaco Kroon wrote:
On 11/01/12 22:37, Luisa Ester Navarro wrote:
J.
Thanks Jeron:
any idea how to start researching which is the leaky script
Cheers
Luisa
Hehe, this is where they say,
Hi,
On 12/01/12 00:14, Jeroen Geilman wrote:
On 01/11/2012 10:10 PM, Jaco Kroon wrote:
On 11/01/12 22:37, Luisa Ester Navarro wrote:
J.
Thanks Jeron:
any idea how to start researching which is the leaky
My server is being attacked. I think it is from apache because I have found
commands running with the owner apache.
My httpd is on /usr/sbin and they run on /usr/local/apache/bin/httpd -DSFSL
and sh -c curl -o http
They also run every minutes a crontab from /var/spool/cron and I din´t
On 09/01/2012 16:11, Luisa Ester Navarro wrote:
My server is being attacked. I think it is from apache because I have found
commands running with the owner apache.
My httpd is on /usr/sbin and they run on /usr/local/apache/bin/httpd -DSFSL
and sh -c curl -o http
I don't think they
replaced: 1 Time(s)Thanks
Date: Mon, 9 Jan 2012 18:05:38 +0100
From: i...@simonecaruso.com
To: users@httpd.apache.org
CC: luisa2...@hotmail.com
Subject: Re: [users@httpd] attack on apache
On 09/01/2012 16:11, Luisa Ester Navarro wrote:
My server is being attacked. I think it is from apache
On Mon, Jan 9, 2012 at 5:20 PM, Luisa Ester Navarro
luisa2...@hotmail.com wrote:
I didn´t have any cronjobs but when I detected the attack I saw one in
/var/spool/cron
My logifle says
User apache:
/var/tmp/.autorun/update /dev/null 21: 2162
17 matches
Mail list logo