Date:      Mon, 27 Feb 2006 23:28:17 +0100
From:      Kees Plonsz <replyREMOVE_THIS@serve.myown.framed.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Apparent Hack attempt filling partition
Message-ID:  <dtvue1$2ig$1@jeremina.homeunix.net>
References:  <4403758C.3080401@yahoo.com>

Steel City Phantom wrote on Monday 27 February 2006 22:56:

> It seems that on Friday I had some kind of hack scanner hit one of my
> servers.  It went through the website looking for scripts; I believe it was
> my hosting company that did it with their vulnerability scanner.  The
> problem is that for some reason, the server was kicked into a loop
> failing on a Perl script that eventually filled the /var partition with
> a 1 gig error log file and brought MySQL down for lack of temp space to
> run some queries.

I think that is the "Net-Worm.Linux.Mare.d".
It is not specific to Linux but works on all *unix machines
with the PHP XML-RPC library and MAMBO.
One of the files it uses is ping.txt:

> mv: ping.txt: No such file or directory

http://www.f-secure.com/v-descs/mare_d.shtml



