[BlueOnyx:07001] Hacking advice
User Ernie
ernie at info.eis.net.au
Mon Apr 11 19:16:15 -05 2011
On the weekend someone managed to get Apache to download a bot script cux.txt and
put it into /tmp.
Here is the excerpt from the httpd error_log:
[Sun Apr 10 18:28:32 2011] [error] [client 58.106.49.31] File does not exist: /home/.sites/132/site12/web/favicon.ico
--18:28:51-- http://www.tpaphio.com/infoboard/data/cux.txt
=> `cux.txt'
Resolving www.tpaphio.com... --18:28:51-- http://www.tpaphio.com/infoboard/data/cux.txt
=> `cux.txt'
Resolving www.tpaphio.com... 122.155.7.200
Connecting to www.tpaphio.com|122.155.7.200|:80... 122.155.7.200
Connecting to www.tpaphio.com|122.155.7.200|:80... connected.
HTTP request sent, awaiting response... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18,841 (18K) [text/plain]
0K ..200 OK
Length: 18,841 (18K) [text/plain]
cux.txt has sprung into existence.
Retrying.
........ ........ 100% 38.43 KB/s
18:28:52 (38.43 KB/s) - `cux.txt' saved [18841/18841]
--18:28:52-- http://www.tpaphio.com/infoboard/data/cux.txt
(try: 2) => `cux.txt.1'
Connecting to www.tpaphio.com|122.155.7.200|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18,841 (18K) [text/plain]
0K .......... ........ 100% 57.24 KB/s
18:28:53 (57.24 KB/s) - `cux.txt.1' saved [18841/18841]
[Sun Apr 10 18:29:00 2011] [error] [client 58.106.49.31] File does not exist: /home/.sites/132/site12/web/favicon.ico
What I am trying to do is figure out which vsite was used to upload the script; the error_log doesn't tell me this.
Can anyone suggest how I might do so?
- Ernie.
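
One way to narrow the search, as an added example that is not part of the original post: take the wget start times from the error_log and list the Apache entries logged within a window around them, which gives a time window, client IPs and site directories to look for in whatever per-site access logs the server keeps. The function name `triage` and the 60-second window are assumptions, and the sample is a trimmed copy of the excerpt above.

```python
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the error_log excerpt quoted in the post.
SAMPLE = """\
[Sun Apr 10 18:28:32 2011] [error] [client 58.106.49.31] File does not exist: /home/.sites/132/site12/web/favicon.ico
--18:28:51--  http://www.tpaphio.com/infoboard/data/cux.txt
           => `cux.txt'
18:28:52 (38.43 KB/s) - `cux.txt' saved [18841/18841]
--18:28:52--  http://www.tpaphio.com/infoboard/data/cux.txt
  (try: 2) => `cux.txt.1'
[Sun Apr 10 18:29:00 2011] [error] [client 58.106.49.31] File does not exist: /home/.sites/132/site12/web/favicon.ico
"""

APACHE = re.compile(r"^\[(\w{3} \w{3} +\d+ [\d:]{8} \d{4})\] \[\w+\] \[client ([\d.]+)\] (.*)$")
WGET = re.compile(r"^--(\d\d:\d\d:\d\d)--\s+(\S+)")   # wget "start of fetch" line
SITE = re.compile(r"/home/\.sites/\d+/(site\d+)/")     # vsite directory as in the excerpt

def triage(log_text, window_seconds=60):
    """Pair each wget fetch in the log with Apache entries logged close to it."""
    entries, fetches, last_date = [], [], None
    for line in log_text.splitlines():
        m = APACHE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            entries.append((ts, m.group(2), m.group(3)))
            last_date = ts.date()
            continue
        m = WGET.match(line)
        if m and last_date:
            # wget prints no date: borrow it from the preceding Apache entry
            # (a fetch just after midnight would need the next day instead).
            t = datetime.strptime(m.group(1), "%H:%M:%S").time()
            fetches.append((datetime.combine(last_date, t), m.group(2)))
    findings = []
    for when, url in fetches:
        near = [e for e in entries if abs((e[0] - when).total_seconds()) <= window_seconds]
        sites = {s for e in near for s in SITE.findall(e[2])}
        findings.append({"time": when, "url": url,
                         "clients": sorted({e[1] for e in near}),
                         "sites": sorted(sites)})   # leads to check, not proof
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["time"], f["url"], f["clients"], f["sites"])
```

The clients and sites it reports are only what was logged near the fetch; the access-log request that actually triggered the download still has to be found within that window.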