mailing list archives
RE: apache security newbie
From: "Dominik Kallusky" <D.Kallusky () gmx net>
Date: Tue, 7 Jun 2005 17:37:58 +0200 (MEST)
There are scripts, that scan for the awstats vulnerability?
Does anyone know more about that, or has a link?
--- Ursprüngliche Nachricht ---
Von: "Vladimir Luna" <vladimir.luna () gmail com>
An: <security-basics () securityfocus com>
Betreff: RE: apache security newbie
Datum: Mon, 6 Jun 2005 18:55:41 +0200
This seams as 'usual' scans for exploit of awstats.pl
The most used exploits that i have come by is hacks done on awstats.pl
phpbb´s and on ikonboard why its important to update these often, and
look if some new security issue has come around regarding those.
regarding the phpbb; It is often a PHP/phpbb overflow exploit. They gets
an irc bot uploaded into /tmp and uses one of the users to execute it;
Being able to execute it using webserver nobody:nobody permissions. They
then uses the ircbot to ddos around.
Its also known that That systems are often compromised through a Remote
Command Execution Vulnerability in awstats 6.1: (or other versions) as
This last one is what it seams that they were scanning for in your
system to try to exploit.
Many times the site from where the scan is being done is compromised
machine aswell. I usally reports them back to the isp, wich i recommend
that you do.
Mail: vladimir.luna () gmail com
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++