[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: we were attacked

I saw this happen on someone's server. They had an old version of awstats that allowed command injection. Check your access logs for a GET of awstats with a query that looks like shell commands.

Peter A. Dumpert
Innovative Computer Services, LLC
The Diamond Standard of Internet Business
P: 732-683-0092 x 102 F: 732-577-9390

danilo lujambio wrote:


in one of our servers with Sarge we are suffering an attack wich put a perl script and two executables in /tmp with owner www-data. We couldn't find any data in messages , syslog, apache.log which help us. We have a shorewall with very few ports open (ssh , ftp and web) .
Can someone help us in how to looking for the source of the attack ?

thanks in advance


Reply to: