From: /dev/rob0 (no email)
Date: Mon May 16 2005 - 00:34:20 EDT

On Sunday 15 May 2005 11:44, Kevin Pang wrote:
> "Robin Lynn Frank" wrote:
> > There is a known exploit of all but the most recent Awstats that
> > can produce exactly this type of problem. There was a thread on
> > this list several months ago. Check the archives.
>
> Unfortunately I can't find any threads related to an Awstats exploit.
> I didn't know Awstats could also be used as a mail log analyzer and I
> use it for apache log only.

And your spammer used it to send out some spew! Why are you thinking
that what YOU use awstats for would somehow make you safe from ...
A Known Exploit of Awstats.

You have been had. Take your HTTPD down right away. It's possible that
your spammer has shell access too ... and once there, root is usually
not far away.

A friend of mine had awstats exploited just like this. Check it
COMPLETELY before you allow it on the Internet. It's possible (and not
unlikely) that you were not 0wn3d by this creature, but act on the
worst case assumption until proven otherwise.

First things first! Stop your spew. Later, try to figure out what
happened ... but I assure you ... it was awstats!
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header