[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 24 Jun 2010, Aaron Trevena wrote:
On 22 June 2010 20:37, Gordon Henderson <gordon+dcglug@xxxxxxxxxx> wrote:And who says Linux isn't targetted by scammers, etc...Linux desktops aren't.. this is just run of the mill stuff you get when you plug any server into the internet.
Sure - but this is specifically targetted at Linux (although as I've since foud out, this particular attack is aimed directly at phpList - so the atackers have put some effort into it!)
I've never had one of my Linux boxes compromised, despite a lot of hostile traffic targetting either weak ssh passwords or php applications/mis-configuration, even with out-of-the-box configuration left in place for weeks on some new servers.
You're lucky. I've had mine compromised - however I sell services to people who can then upload their own code - that's where the issues have been. Out of the box, they're fine - put some dodgy perl/php/etc code in it, and who knows )-:
I noticed this in a log-file earlier - I see this sort of thing regularly, but thought I'd post one here for you: .... So there you go - Linux *is* being targetted and obvously the target above is for some specific site running some specific version of some software, but who knows!It's targetting a PHP app running on any *nix with GNU tools installed, could work (or not) as likely on solaris, freebsd or linux, even windows running servers via cygwin :)
The (binary) code is specifically compiled for i386 Linux and statically linked. It's really unlikely to run on anything else.
Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html