Security Breach ?
Thomas Cameron
thomas.cameron at camerontech.com
Thu Mar 3 05:11:02 UTC 2005
On Wed, 2005-03-02 at 18:12 -0500, Chris Strzelczyk wrote:
> Alright well now it's certain I have a friend on my system. I have
> found this file named "https" on my
> system in /tmp
>
> I'm not as PERL savvy as I want to be but it does open IRC on the
> server. The file is owned by apache:apache. So it
> looks like my friend is using Apache as a tool. Would anybody have a
> clue on how he could get this in tmp and then run it?
> The file was not set executable either.
<snip>
Look in /var/tmp - anything there called aVe or uselib24 or bots.txt?
Also, look in your /var/log/httpd area for anything weird in access_log
or error_log.
Thomas
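
A small triage helper for the checks suggested in this message, added here as an example and not part of the original thread: it lists regular files owned by the web server account under the given temp directories and marks the file names mentioned above as well as files that begin with `#!`. The function name `scan_tmp` and the NAME/SCRIPT/OWNED labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
#
# scan_tmp OWNER DIR...
#   Prints one line per regular file owned by OWNER under each DIR:
#     NAME   <path>  file name is one of those asked about in the reply
#     SCRIPT <path>  file starts with "#!" (an interpreter script)
#     OWNED  <path>  any other file owned by OWNER
#   OWNER may be a user name or a numeric uid.
scan_tmp() {
    owner=$1
    shift
    find "$@" -type f -user "$owner" 2>/dev/null |
    while IFS= read -r f; do
        flag=OWNED
        # The execute bit is not checked: a script can be started as
        # "perl /tmp/file" without it, so mode 0644 proves nothing.
        magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = '#!' ]; then
            flag=SCRIPT
        fi
        # File names taken from the reply above.
        case ${f##*/} in
            aVe|uselib24|bots.txt) flag=NAME ;;
        esac
        printf '%s %s\n' "$flag" "$f"
    done
}

# Typical use on the host from the thread (run as root):
#   scan_tmp apache /tmp /var/tmp
```

Any hit is a reason to copy the file aside with its timestamps intact and then compare its modification time against the entries in access_log and error_log.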