[Xastir] WAY off topic - but you guys are my' best resource'
KC7ZRU
kc7zru at arrl.net
Sat Aug 30 16:23:55 EDT 2003
Curt Mills, WE7U wrote:
>
> It sure looks like someone got in through CGI or other scripts or
> modules run by Apache, else you wouldn't have the user/group owned
> by Apache. Investigate on Apache-specific mailing lists, newsgroups,
> web pages. It's common for exploits to be found in scripts that are
> distributed with web servers.
>
At this time, it appears they got in through a PHP script I use for a
photo gallery for the extended family.
Looks like they got 'telnetd' copied to the /tmp folder - but from
there, couldn't do anything more with it.
Thanks for the input guys! I'll keep checking - anything new, I'll let
ya all know.
73
More information about the Xastir
mailing list