[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: Backdoor over http(s)??


I found that server too, and some other "a-bit-worrying" stuff...

For some reason my e-mail never reached this list.. wonder what happens this 


> Some CGI at your webserver did run wget to receive some file from
> and save it on your disc as "/tmp/.do".
> wwwrun:nogroup are standard user and group used for apache.
> The file is still avaiable from
> I don't want to execute it, but strings does list some information:
> usage: %s <IP or hostname> <port>
> (/tmp/.do 9090)

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here