slapper worm
kles koe
kleskoe at hotmail.com
Wed Jan 25 01:08:46 UTC 2006
that's a coincidence...
just today when i checked the apache server-status page i notice that some
host was scanning several sites randomly trying to find a xmlrpc.php in
different apparently pre defined locations.
i was aware of the xmlrpc bug in pear and already checked if it was on my
server but it wasnt...
to make sure i immediatly ran a locate and find again and nothing came up...
also blocked the source ip and since then everything is quiet again.
so i guess this so called slapper is still very active.
>From: Mike McCarty <mike.mccarty at sbcglobal.net>
>Reply-To: Discussion of the Fedora Legacy Project
><fedora-legacy-list at redhat.com>
>To: Discussion of the Fedora Legacy Project <fedora-legacy-list at redhat.com>
>Subject: Re: slapper worm
>Date: Tue, 24 Jan 2006 13:08:52 -0600
>
>James Kosin wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Jesse Keating wrote:
>>
>>>On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
>>>
>>>>My version takes care of the mod_ssl issue he already disabled. FC1
>>>>doesn't have a fix or if so it hasn't gone through QA yet.
>>>
>>>Do you have a CVE for the ssl issue? I'd like to see if it is somewhere
>>>in the QA pipeline.
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>
>>Jesse,
>>
>>Just checked this morning.
>>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175406
>>
>>But, I think we may need to do something pro actively... I'm seeing
>>many posting either not knowing about this worm or not knowing if they
>>are protected or how vulnerable they may be.
>
>[snip]
>
>I'm a little shocked at this, frankly. I Googled around, and
>found mentions of the Slapper going back to 2002. Why is it that
>this exploit (and variations of it) haven't all been stamped
>out years ago?
>
>Mike
>--
>p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
>This message made from 100% recycled bits.
>You have found the bank of Larn.
>I can explain it for you, but I can't understand it for you.
>I speak only for myself, and I am unanimous in that!
>
>--
>fedora-legacy-list mailing list
>fedora-legacy-list at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-legacy-list
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the fedora-legacy-list
mailing list