On Tue, Jan 31, 2006 at 11:19:45PM +0100, Josep Serrano wrote: > Hello all. I got some weird entries in my apache error log. > Any clues about what/where/how ? > > sh: -c: line 22: unexpected EOF while looking for matching ``' > sh: -c: line 24: syntax error: unexpected end of file > > sh: -c: line 0: unexpected EOF while looking for matching `"' > sh: -c: line 1: syntax error: unexpected end of file Looks like someone is trying to do arbritary commmand execution. You probably have a script somewhere that says `command $_GET['var']`, and someone is passing ';attack' as var, but it isn't quite working. I suggest using the audit log feature of mod_security, or just grepping through your access logs for anything odd ('wget' is a good search term). You might have a bot on the system, check for any odd network connections, especially to port 6667 (IRC). Also look for www-data owned files in /tmp. Brian -- Website: http://www.netsoc.tcd.ie/~bbrazil
Attachment:
signature.asc
Description: Digital signature