Re: Attack ???

From: Tiago Fioreze (tapera@inf.ufsm.br)
Date: 03/15/02


Date: Fri, 15 Mar 2002 10:10:46 -0300
From: Tiago Fioreze <tapera@inf.ufsm.br>
To: security-discuss@linuxsecurity.com


  Hi Dharmendra !!!

  I didn't write none php cgi-bin script. I am distrustful that it is the
second hypothesis, but I think odd that the logs in Apache does not seem www
solicitations.

  What I make ?

  Tiago Fioreze

Citando "Dharmendra.T" <dharmu@nsecure.net>:

>
> Hi ,
> I hope you have written php cgi-bin script. And when the user try to access
>
> some document in the cgi-bin directory it is looking for the php in
> /usr/local/bin/php.
> Another chance is somebody trying the phf exploit on your machine.
> Regards
> Dharmendra.T
> Linux Security Expert
> www.nsecure.net
>
> On Friday 15 March 2002 02:12 am, Tiago Fioreze wrote:
> > Hi all !!!
> >
> > I'm noting the following message in my error_log file
> > of Apache :
> >
> > sh: /usr/local/bin/ph: não localizado.
> > sh: /usr/local/bin/ph: não localizado.
> > sh: /usr/local/bin/ph: não localizado.
> > sh: /usr/local/bin/ph: não localizado.
> > sh: /usr/local/bin/ph: não localizado.
> > sh: /usr/local/bin/ph: não localizado.
> >
> > PS. 'não localizado' = not located
> >
> > What's this ?
> >
> > Thanks a lot !
> >
> > Tiago Fioreze
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
>

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.