Hacking somehow?

btaber · Nov 14, 2007

I have seen in my error logs attempts to execute programs:

sh: /usr/local/bin/which: No such file or directory
sh: /usr/local/bin/echo: No such file or directory
sh: /usr/local/bin/uname: No such file or directory
sh: /usr/local/bin/echo: No such file or directory
sh: /usr/local/bin/id: No such file or directory
sh: /usr/local/bin/uname: No such file or directory
sh: /usr/local/bin/id: No such file or directory

someone even managed to download a file to the server using wget...

--13:33:07--

http://**********.altervista.org/xh

Resolving ************.altervista.org... 123.123.123.123
Connecting to ************.altervista.org|123.123.123.123|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15125 (15K) [text/plain]
Saving to: `xh.1'

How is this possible???

nerbonne · Nov 18, 2007

Well, an insecure php script could allow someone to upload a malicious php script to a worl writeable directory (777). I would run a find command and find that "xh.1" file/directory that is referenced and go from there. More times than not, the insecure script is in the same site as the files you find (after all, hackers are lazy too).

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Hacking somehow?

btaber

Programmer

nerbonne

Technical User

Similar threads

Part and Inventory Search

Sponsor