I am seeing strange log entries in my apache error_log on my FC4 server.
Does anyone else have it?
[Tue Jan 03 13:16:31 2006] [error] [client 63.200.180.84] File does not exist: /var/www/html/favicon.ico
[Tue Jan 03 13:16:40 2006] [error] [client 63.200.180.84] File does not exist: /var/www/html/favicon.ico
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (23) Failed writing body
[Tue Jan 03 14:12:53 2006] [error] [client 64.152.49.162] File does not exist: /home
It looks like someone is getting apache to run a program to download something.
thx -chris
On Wed, Jan 04, 2006 at 11:32:32AM -0800, Christian Motta wrote:
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
> curl: (23) Failed writing body
grep your access logs for 'curl'; this is probably an attack on some PHP application on your server (which may now have been compromised).
joe
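
The access-log check suggested above, as an added example that is not part of the original thread. It assumes Apache's "combined" log format, goes beyond a plain grep by matching wget as well as curl and by ignoring hits that come only from a client's User-Agent, and runs on constructed sample lines with hypothetical paths:

```python
import re
from urllib.parse import unquote_plus

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)
# Download tools named as a whole word inside the request target.
TOOLS = re.compile(r'\b(curl|wget)\b', re.IGNORECASE)


def decode(target, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%20, %2520, '+' for space)."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious_requests(lines):
    """Yield (host, time, status, decoded_target) when the request target names a tool."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = m.group("request").split(" ")
        if len(parts) < 2:
            continue  # malformed request line
        target = decode(parts[1])
        # Only the request target is searched: a client that is itself curl
        # (User-Agent "curl/...") is not evidence of a command run on the server.
        if TOOLS.search(target):
            yield m.group("host"), m.group("time"), int(m.group("status")), target


# Constructed sample lines (documentation addresses, hypothetical script path).
SAMPLE = [
    '192.0.2.10 - - [03/Jan/2006:13:16:31 -0800] "GET /favicon.ico HTTP/1.1" 404 291 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [03/Jan/2006:13:20:02 -0800] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.15.1"',
    '198.51.100.7 - - [03/Jan/2006:14:12:50 -0800] "GET /app/page.php?arg=curl%20http%3A%2F%2Fexample.invalid%2Fa HTTP/1.0" 200 87 "-" "-"',
    '198.51.100.7 - - [03/Jan/2006:14:12:53 -0800] "GET /app/page.php?arg=wget%2520http%253A%252F%252Fexample.invalid%252Fa HTTP/1.0" 200 87 "-" "-"',
]

if __name__ == "__main__":
    for host, when, status, target in suspicious_requests(SAMPLE):
        print(f"{when}  {host}  {status}  {target}")
```

The access log records only the request line, so a command delivered in a POST body will not show up here. In that case, look for POST requests to PHP scripts at the timestamps where the curl output appears in error_log.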
Joe Orton wrote:
> On Wed, Jan 04, 2006 at 11:32:32AM -0800, Christian Motta wrote:
> >   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
> >                                  Dload  Upload   Total   Spent    Left  Speed
> >   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
> > curl: (23) Failed writing body
> grep your access logs for 'curl'; this is probably an attack on some PHP application on your server (which may now have been compromised).
Don't the stats and the error suggest selinux saved him?
-Andy