Apparent Hack attempt filling partition
Steel City Phantom
scphantm at yahoo.com
Mon Feb 27 19:09:28 PST 2006
i looked this virus up, it said to look for perl scripts in the tmp
dir and i don't have any of the ones the sites i found said to look
for. i know this server is a bit behind on updates, specifically what
version of PHP fixed this problem. i ask because at the moment i
don't have that big of a window of opportunity to bring the server
down for upgrades.
Kees Plonsz wrote:
Steel City Phantom wrote on Monday 27 February 2006 22:56:
It seems that on friday i had some kind of hack scanner hit one of my
servers. it went thru the website looking for scripts, i believe it was
my hosting company that did it with their vulnerability scanner. The
problem is that for some reason, the server was kicked into a loop
failing on a perl script that eventually filled the /var partition with
a 1 gig error log file and brought mysql down for lack of temp space to
run some queries.
I think that is the "Net-Worm.Linux.Mare.d".
It not a special for linux but works on all *unix machines
with PHP XML-RPC library and MAMBO.
One of the files it uses is ping.txt:
mv: ping.txt: No such file or directory
[1]http://www.f-secure.com/v-descs/mare_d.shtml
_______________________________________________
[2]freebsd-questions at freebsd.org mailing list
[3]http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [4]"freebsd-questions-unsubscribe at freebsd.org"
References
1. http://www.f-secure.com/v-descs/mare_d.shtml
2. mailto:freebsd-questions at freebsd.org
3. http://lists.freebsd.org/mailman/listinfo/freebsd-questions
4. mailto:freebsd-questions-unsubscribe at freebsd.org
More information about the freebsd-questions
mailing list