Home page logo
/

basics logo Security Basics mailing list archives

RE: apache security newbie
From: "Dominik Kallusky" <D.Kallusky () gmx net>
Date: Tue, 7 Jun 2005 17:37:58 +0200 (MEST)

There are scripts, that scan for the awstats vulnerability?
Does anyone know more about that, or has a link?

--- Ursprüngliche Nachricht ---
Von: "Vladimir Luna" <vladimir.luna () gmail com>
An: <security-basics () securityfocus com>
Betreff: RE: apache security newbie
Datum: Mon, 6 Jun 2005 18:55:41 +0200

This seams as 'usual' scans for exploit of awstats.pl 
The most used exploits that i have come by is hacks done  on awstats.pl
phpbb´s and on ikonboard why its important to update these often, and
look if some new security issue has come around regarding those.
regarding the phpbb; It is often a PHP/phpbb overflow exploit. They gets
an irc bot uploaded into /tmp and uses one of the users to execute it;
Being able to execute it using webserver nobody:nobody permissions. They
then uses the ircbot to ddos around. 
Its also known that  That systems are often compromised through a Remote
Command Execution Vulnerability in awstats 6.1: (or other versions) as
explaned on; 
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilit
ies&flashstatus=true 

This last one is what it seams that they were scanning for in your
system to try to exploit. 
Many times the site from where the scan is being done is compromised
machine aswell. I usally reports them back to the isp, wich i recommend
that you do. 

Best regards, 

_______________________________________
            Vladimir Luna 
    Mail: vladimir.luna () gmail com
________________________________________


-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]