On Fri, 15 Jul 2005, Paul Howarth wrote:
The second most common exploit attack I see on my server after the ssh password-guessing attack is an attempted awstats exploit where the attacker tries to download a rootkit into /tmp and run it from there. If I was running a vulnerable awstats installation (i.e. all of them until recently - I hope this bug is actually fixed in the current release but I don't know as I don't use it), mounting /tmp noexec would have saved me.
It is (that one anyway...).

--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs