Hi folks,

I sent this last night but didn't see it come through and I realize that I
did not mention that this occurred on a Linux server running Apache
1.3.34.

Thanks for any advice or suggestions.

Thanks,
Jim.


James R. Hay jrhay@HayA.QC.CA
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4

---------- Forwarded message ----------
Date: Sat, 28 Jan 2006 01:38:50 -0500 (EST)
From: James R. Hay <jrhay@HayA.QC.CA>
To: users@httpd.apache.org
Subject: Origin of error log entries?


The entries below were found in the Apache error log while investigating an
apparent exploit. Thus far I have not found any corresponding access log entry
and I am wondering if this is an indication that the intruder gained a shell?

httpd(315): Operation not permitted
sh: line 1: fetch: command not found
--00:44:12-- http://members.lycos.co.uk/img00d/httpd
=> `httpd'
Resolving members.lycos.co.uk... done.
Connecting to members.lycos.co.uk[212.78.204.20]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29,662 [text/plain]

0K .......... .......... ........ 100% 68.00 KB/s

00:44:13 (68.00 KB/s) - `httpd' saved [29662/29662]

php.cgi: no process killed


This begs the question of what is the source of entries for the error log? The
virtual domains have their own logs and there should be no entries for any
websites in the main access or error logs.

Any suggestions would be appreciated.

Thanks,
Jim.

James R. Hay jrhay@HayA.QC.CA
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
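
Added example (not part of the original post or of the Apache project): a triage script for output like that quoted in the message above. It assumes that entries Apache writes itself begin with the bracketed timestamp and level, so any other line is stderr from a process the server spawned (for example a CGI script and the commands it ran); the sample lines, client address and URL are constructed.

```python
import re

# Assumption: Apache's own entries look like
# "[Sat Jan 28 00:44:10 2006] [error] ..."; anything else is child-process stderr.
APACHE_ENTRY = re.compile(
    r"^\[\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}\] \[\w+\] ")

# Heuristic labels modelled on the shapes of the lines quoted in the post.
PATTERNS = [
    ("shell-error", re.compile(r"^(sh|bash): (line \d+: )?.*: command not found$")),
    ("download", re.compile(r"^--\d{2}:\d{2}:\d{2}--\s+(?P<url>\S+://\S+)")),
    ("file-saved", re.compile(r"^\d{2}:\d{2}:\d{2} \(.*\) - `(?P<name>[^']+)' saved")),
    ("kill-attempt", re.compile(r"^\S+: no process killed$")),
]

def triage(lines):
    """Return (lineno, label, detail) for each line Apache did not format itself."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line.strip() or APACHE_ENTRY.match(line):
            continue  # blank line or a normal Apache entry
        label, detail = "unformatted", line
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                # Use the captured URL or file name when the pattern has one.
                label = name
                detail = next(iter(m.groupdict().values()), line)
                break
        findings.append((n, label, detail))
    return findings

# Constructed sample: two normal Apache entries around spawned-process output.
SAMPLE = [
    "[Sat Jan 28 00:44:10 2006] [error] [client 192.0.2.10] File does not exist: /var/www/html/missing",
    "sh: line 1: fetch: command not found",
    "--00:44:12--  http://example.invalid/tool",
    "Resolving example.invalid... done.",
    "00:44:13 (68.00 KB/s) - `tool' saved [29662/29662]",
    "php.cgi: no process killed",
    "[Sat Jan 28 00:45:01 2006] [notice] caught SIGTERM, shutting down",
]

if __name__ == "__main__":
    for lineno, label, detail in triage(SAMPLE):
        print(f"{lineno:>4}  {label:<12}  {detail}")
```

Each flagged line has a timestamp nearby in the log (the download transcript carries its own), which gives the window to search in the per-virtual-host access logs for the request that started the process.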
