Home page logo
/

basics logo Security Basics mailing list archives

RE: apache security newbie
From: "Vladimir Luna" <vladimir.luna () gmail com>
Date: Wed, 8 Jun 2005 20:11:32 +0200


Yes, sorry to say, the 'kiddies' has those kinda tools and uses it a lot
from hacked boxes to scan broadly on *all* IP's of c-blocks, etc. Best
solution is to allways keep your stuff updated. 
Due to the nature of such program i think its best not to direct anyone
to them. I would recommend you to contact the isp that was trying to get
into your box and alert them of possible intrusion into their system
thats possible being used for scan's in order to try to break into your
box. 

Sorry for my bad english.


_______________________________________
            Vladimir Luna 
    Mail: vladimir.luna () gmail com
________________________________________


-----Original Message-----
From: Dominik Kallusky [mailto:D.Kallusky () gmx net] 
Sent: Tuesday, June 07, 2005 5:38 PM
To: security-basics () securityfocus com
Subject: RE: apache security newbie


There are scripts, that scan for the awstats vulnerability?
Does anyone know more about that, or has a link?

--- Ursprüngliche Nachricht ---
Von: "Vladimir Luna" <vladimir.luna () gmail com>
An: <security-basics () securityfocus com>
Betreff: RE: apache security newbie
Datum: Mon, 6 Jun 2005 18:55:41 +0200

This seams as 'usual' scans for exploit of awstats.pl 
The most used exploits that i have come by is hacks done  
on awstats.pl
phpbb´s and on ikonboard why its important to update these 
often, and
look if some new security issue has come around regarding those.
regarding the phpbb; It is often a PHP/phpbb overflow 
exploit. They gets
an irc bot uploaded into /tmp and uses one of the users to 
execute it;
Being able to execute it using webserver nobody:nobody 
permissions. They
then uses the ircbot to ddos around. 
Its also known that  That systems are often compromised 
through a Remote
Command Execution Vulnerability in awstats 6.1: (or other 
versions) as
explaned on; 

http://www.idefense.com/application/poi/display?id=185&type=vu
lnerabilit
ies&flashstatus=true 

This last one is what it seams that they were scanning for in your
system to try to exploit. 
Many times the site from where the scan is being done is compromised
machine aswell. I usally reports them back to the isp, wich i
recommend
that you do. 

Best regards, 

_______________________________________
            Vladimir Luna 
    Mail: vladimir.luna () gmail com
________________________________________


-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]