Apparent Hack attempt filling partition

Steel City Phantom scphantm at
Mon Feb 27 19:09:28 PST 2006

   i looked this virus up, it said to look for perl scripts in the tmp
   dir and i don't have any of the ones the sites i found said to look
   for.  i know this server is a bit behind on updates, specifically what
   version of PHP fixed this problem.  i ask because at the moment i
   don't have that big of a window of opportunity to bring the server
   down for upgrades.
   Kees Plonsz wrote:

Steel City Phantom wrote on Monday 27 February 2006 22:56:


It seems that on friday i had some kind of hack scanner hit one of my
servers.  it went thru the website looking for scripts, i believe it was
my hosting company that did it with their vulnerability scanner.  The
problem is that for some reason, the server was kicked into a loop
failing on a perl script that eventually filled the /var partition with
a 1 gig error log file and brought mysql down for lack of temp space to
run some queries.  

I think that is the "Net-Worm.Linux.Mare.d".
It not a special for linux but works on all *unix machines
with PHP XML-RPC library and MAMBO.
One of the files it uses is ping.txt:


mv: ping.txt: No such file or directory


[2]freebsd-questions at mailing list
To unsubscribe, send any mail to [4]"freebsd-questions-unsubscribe at"


   2. mailto:freebsd-questions at
   4. mailto:freebsd-questions-unsubscribe at

More information about the freebsd-questions mailing list