Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 22 Sep 2009 09:58:19 -0300
From:      Leandro Quibem Magnabosco <leandro.magnabosco@fcdl-sc.org.br>
To:        Aflatoon Aflatooni <aaflatooni@yahoo.com>, freebsd-questions@freebsd.org
Subject:   Re: FreeBSD 6.3 installation hacked
Message-ID:  <4AB8C9EB.2050107@fcdl-sc.org.br>
In-Reply-To: <684860.58563.qm@web56202.mail.re3.yahoo.com>
References:  <196554.24096.qm@web56207.mail.re3.yahoo.com> <4AB8C839.3000905@fcdl-sc.org.br> <684860.58563.qm@web56202.mail.re3.yahoo.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Aflatoon Aflatooni escreveu:
> I found a script in /tmp directory which could have been uploaded using php or Java.
> How would they execute the code in /tmp directory?
>
> Thanks
>   
>
You can execute files from scripts or from apache itself when they are 
scripts.
There are several programming/scripting languages that are accessible by 
web and those are the ones that an intruder will have to use to exploit 
some scenario like yours.

Take some time to read this doc:
http://www.dataloss.net/papers/how.defaced.apache.org.txt

It is pretty interesting as, unfortunately,  it suits the same scenario 
you, unintentionally, created for the hackers.


Cheers,
--
Leandro Quibem Magnabosco.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4AB8C9EB.2050107>