Apparent Hack attempt filling partition
Kees Plonsz
replyREMOVE_THIS at serve.myown.framed.net
Mon Feb 27 14:29:04 PST 2006
Steel City Phantom wrote on Monday 27 February 2006 22:56:
> It seems that on friday i had some kind of hack scanner hit one of my
> servers. it went thru the website looking for scripts, i believe it was
> my hosting company that did it with their vulnerability scanner. The
> problem is that for some reason, the server was kicked into a loop
> failing on a perl script that eventually filled the /var partition with
> a 1 gig error log file and brought mysql down for lack of temp space to
> run some queries.
I think that is the "Net-Worm.Linux.Mare.d".
It not a special for linux but works on all *unix machines
with PHP XML-RPC library and MAMBO.
One of the files it uses is ping.txt:
> mv: ping.txt: No such file or directory
http://www.f-secure.com/v-descs/mare_d.shtml
More information about the freebsd-questions
mailing list