[TriLUG] I've got intruders!!
Ian Kilgore
ian at trilug.org
Tue May 16 07:52:03 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jason wrote:
> are you running any php scripts? ive seen this happen on my box once..
> Theres a nasty css vulnerability in horde and other php apps which can be exploited easily.
>
> regards,
> Jason
>
As Jason said, it was more than likely from a zombie box, scanning
webservers for $some_webapp with a well known vulnerability, using it to
download a backdoor of some sort, and then spamming spammy spam. Either
that, or you had a bad ssh username/password, and a zombie found that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEabziwsRpgTiXSOERAuldAKDTLuR8zkcGTls3kz+aUSDblWC5xgCfUWxs
RqBnQPeRI6LN5krXLnt52WA=
=jR20
-----END PGP SIGNATURE-----
More information about the TriLUG
mailing list