Date: Mon, 27 Feb 2006 22:09:15 -0500
From: Steel City Phantom <scphantm@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: Re: Apparent Hack attempt filling partition
Message-ID: <4403BEDB.6060005@yahoo.com>
In-Reply-To: <dtvue1$2ig$1@jeremina.homeunix.net>
References: <4403758C.3080401@yahoo.com> <dtvue1$2ig$1@jeremina.homeunix.net>

I looked this virus up. It said to look for Perl scripts in the tmp dir, and I don't have any of the ones the sites I found said to look for. I know this server is a bit behind on updates; specifically, what version of PHP fixed this problem? I ask because at the moment I don't have that big of a window of opportunity to bring the server down for upgrades.

Kees Plonsz wrote:
> Steel City Phantom wrote on Monday 27 February 2006 22:56:
> > It seems that on Friday I had some kind of hack scanner hit one of my
> > servers. It went through the website looking for scripts; I believe it
> > was my hosting company that did it with their vulnerability scanner.
> > The problem is that for some reason, the server was kicked into a loop
> > failing on a Perl script that eventually filled the /var partition with
> > a 1 gig error log file and brought MySQL down for lack of temp space to
> > run some queries.
>
> I think that is the "Net-Worm.Linux.Mare.d".
> It is not special to Linux but works on all *unix machines
> with the PHP XML-RPC library and MAMBO.
>
> One of the files it uses is ping.txt:
> mv: ping.txt: No such file or directory
>
> http://www.f-secure.com/v-descs/mare_d.shtml