From owner-freebsd-questions@FreeBSD.ORG Tue Sep 22 12:28:12 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E75D1065676 for ; Tue, 22 Sep 2009 12:28:12 +0000 (UTC) (envelope-from aaflatooni@yahoo.com) Received: from web56207.mail.re3.yahoo.com (web56207.mail.re3.yahoo.com [216.252.110.216]) by mx1.freebsd.org (Postfix) with SMTP id 49A838FC08 for ; Tue, 22 Sep 2009 12:28:11 +0000 (UTC) Received: (qmail 24640 invoked by uid 60001); 22 Sep 2009 12:01:31 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1253620891; bh=D6xmKkRm/jI281ihLOruxddgQyYwGBwTK65tE1nSKQw=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=dr5EwUCljjgMiEg8qAV6foc/5OELuy+GQCD7dPDx26B0cUY/vGC1AgXoHw/XBTGiKHrGOZWBmenIC1jihtQuAnEmH/aHKBkYeGy0w5aKaNKkX5bQthacl4C5iL/lPuFoACM6399HpO4X1VFRJ91k3RLzrGTcqlbfyeyyGATXIQo= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=JO9V2+QP1WBaVcbUIqMp3OGjXGluqBZKQqPRN1xlKOm0LB7wBY8a4h3J27cXnAiAZo5VBzuVecb68OPTquJCaRnqJjZGAU2NX657LVYLZ9EUNrKSUm98jwmyZUFRRsXhXFQ3QjG7mCE3fQ63FsPhSu1ZdBukP2unuxbzhGVsHIk=; Message-ID: <196554.24096.qm@web56207.mail.re3.yahoo.com> X-YMail-OSG: VmDEQAMVM1lIdgVRcJgp4sMr1dCZadeAPvMDk.u14vUyUCXUIpm7TQB3.9oP.m8uPbJYqrvmX60ONfiXbM0nmi_gEA7UGXrz9RYyMAg4Qhcv3XleUtUbWDNVkTVToB0j0Ai.6hYkQX6fx6WPAwfTAx5V7VtJQcveeJ5sK_ub_TXiAGHT.5sXPs58_lGmztvBnoV4JjTvQmwhfilmxAEiqtBrb.SB3hmBehVSEItZ.8TDQhbxf0NoAkQDVo78uMAxdSyzcxczpz_o4ZFo01DnjtPoTOQHZojgPEx7JJhWTrd7HJl41KQ0CCrXUL0YkdLOiqOXLBkENQCVxtUIJNCdZpdsevRw_qoRqpxSAgzrkwibCj1aRkjUvyJL5ZJbxjfkE54mHAa.674- Received: from [142.166.2.134] by web56207.mail.re3.yahoo.com via HTTP; Tue, 22 Sep 2009 05:01:30 PDT X-Mailer: YahooMailRC/157.18 YahooMailWebService/0.7.347.2 Date: Tue, 22 Sep 2009 05:01:30 -0700 (PDT) From: Aflatoon Aflatooni To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: FreeBSD 6.3 installation hacked X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2009 12:28:12 -0000 My server installation of FreeBSD 6.3 is hacked and I am trying to find out= how they managed to get into my Apache 2.0.61. =0A=0AThis is what I see in= my http error log:=0A=0A[Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM= , shutting down=0A[Mon Sep 21 02:00:14 2009] [notice] Apache/2.0.61 (FreeBS= D) PHP/5.2.5 mod_jk/1.2.25 configured -- resuming normal operations=0Awget:= not found=0ACan't open perl script "/tmp/shit.pl": No such file or directo= ry=0Awget: not found=0ACan't open perl script "zuo.txt": No such file or di= rectory=0Acurl: not found=0ACan't open perl script "zuo.txt": No such file = or directory=0Alwp-download: not found=0ACan't open perl script "zuo.txt": = No such file or directory=0Alynx: not found=0ACan't open perl script "zuo.t= xt": No such file or directory=0Azuo.txt=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 11 kB=A0=A0 56 kBps=0Awget: not found= =0ACan't open perl script "/tmp/shit.pl": No such file or directory=0Awget:= not found=0ACan't open perl script "zuo.txt": No such file or directory=0A= curl: not found=0ACan't open perl script "zuo.txt": No such file or directo= ry=0Alwp-download: not found=0ACan't open perl script "zuo.txt": No such fi= le or directory=0Alynx: not found=0ACan't open perl script "zuo.txt": No su= ch file or directory=0Azuo.txt=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0 11 kB=A0 107 kBps=0ADied at zuo.txt line 20.=0AGET= : not found=0ACan't open perl script "zuo.txt": No such file or directory= =0Awget: not found=0ACan't open perl script "zuo.txt": No such file or dire= ctory=0Acurl: not found=0ACan't open perl script "zuo.txt": No such file or= directory=0Alwp-download: not found=0ACan't open perl script "zuo.txt": No= such file or directory=0Alynx: not found=0ACan't open perl script "zuo.txt= ": No such file or directory=0Azuo.txt=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 11 kB=A0 108 kBps=0ADied at zuo.txt line = 20.=0A=0A=0A