[PLUG] Possible hack attempt on my server

Bill Ensley bill at bearprinting.com
Thu Jun 8 22:35:23 UTC 2006


I have the users IP address, 

What do I do now?  
Should I contact the ISP and file some kind of abuse report?

-Bill 

-----Original Message-----
From: plug-bounces at lists.pdxlinux.org
[mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of Bill Ensley
Sent: Thursday, June 08, 2006 3:24 PM
To: 'General Linux/UNIX discussion and help;civil and on-topic'
Subject: RE: [PLUG] Possible hack attempt on my server

This list won't allow me to attach the file.

They didn't actually manage to get in, they just Used my uploader to upload
the file.

I just wanted to know if anyone knows what it is.

I did find it elsewhere on the internet it is called

Bab.php

-Bill Ensley
Bear Printing

-----Original Message-----
From: plug-bounces at lists.pdxlinux.org
[mailto:plug-bounces at lists.pdxlinux.org] On Behalf Of Auke Kok
Sent: Thursday, June 08, 2006 3:20 PM
To: General Linux/UNIX discussion and help;civil and on-topic
Subject: Re: [PLUG] Possible hack attempt on my server

Bill Ensley wrote:
> Hello all.
>  
> Someone uploaded a file to my server last night ( I have attached it ).

it's missing! maybe your mail program is hacked too :)

> It is a php file that looks quite dangerous.
>  
> The upload repository is not web-accessable and I don't have any kind
>  
> of software capable of executing this file installed on the server,
>  
> But will someone on this list look at this and tell me what it is?

best guess without knowing anything: You're running some form of php website
that is not 100% secure and an exploit is known. The attacker used that as a
backdoor to start a script from /tmp using php or perl, and attempted to
connect to that from remotely.

Auke
_______________________________________________
PLUG mailing list
PLUG at lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

_______________________________________________
PLUG mailing list
PLUG at lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug




More information about the PLUG mailing list