From owner-freebsd-questions@FreeBSD.ORG Mon Feb 27 21:56:39 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC3BB16A458 for ; Mon, 27 Feb 2006 21:56:38 +0000 (GMT) (envelope-from scphantm@yahoo.com) Received: from ms-smtp-03.tampabay.rr.com (ms-smtp-03-smtplb.tampabay.rr.com [65.32.5.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF5BC43D53 for ; Mon, 27 Feb 2006 21:56:37 +0000 (GMT) (envelope-from scphantm@yahoo.com) Received: from [192.168.0.3] (242669hfc134.tampabay.res.rr.com [24.26.69.134]) by ms-smtp-03.tampabay.rr.com (8.13.4/8.13.4) with ESMTP id k1RLuZ6F028232 for ; Mon, 27 Feb 2006 16:56:36 -0500 (EST) Message-ID: <4403758C.3080401@yahoo.com> Date: Mon, 27 Feb 2006 16:56:28 -0500 From: Steel City Phantom User-Agent: Thunderbird 1.5 (X11/20060226) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: Apparent Hack attempt filling partition X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Feb 2006 21:56:40 -0000 It seems that on friday i had some kind of hack scanner hit one of my servers. it went thru the website looking for scripts, i believe it was my hosting company that did it with their vulnerability scanner. The problem is that for some reason, the server was kicked into a loop failing on a perl script that eventually filled the /var partition with a 1 gig error log file and brought mysql down for lack of temp space to run some queries. here is the last snip of the log before it started repeating the can't open perl script for 1 gig of file. anyone have any ideas what could have caused that? the server is running PHP Version 4.3.9, Apache 1.3.33 on bsd 4.10 R2P /usr/local/www/data/goldsteins/themes/Showroom/images/FooterBack.jpg [Sun Feb 26 10:25:59 2006] [error] [client 216.153.168.66] File does not exist: /usr/local/www/data/goldsteins/themes/Showroom/images/FooterBack.jpg [Sun Feb 26 10:26:07 2006] [error] [client 216.153.168.66] File does not exist: /usr/local/www/data/goldsteins/themes/Showroom/images/FooterBack.jpg [Sun Feb 26 11:41:06 2006] [error] [client 83.179.151.230] File does not exist: /usr/local/www/data/interiors/index2.php [Sun Feb 26 11:41:14 2006] [error] [client 83.179.151.230] File does not exist: /usr/local/www/data/interiors/mambo/index2.php [Sun Feb 26 11:41:16 2006] [error] [client 83.179.151.230] File does not exist: /usr/local/www/data/interiors/cvs/index2.php [Sun Feb 26 11:41:20 2006] [error] [client 83.179.151.230] File does not exist: /usr/local/www/data/interiors/articles/mambo/index2.php wget: not found mv: ping.txt: No such file or directory wget: not found curl: not found curl: not found Can't open perl script "temp2006": No such file or directory Can't open perl script "temp2006": No such file or directory Can't open perl script "temp2006": No such file or directory Can't open perl script "temp2006": No such file or directory Can't open perl script "temp2006": No such file or directory Can't open perl script "temp2006": No such file or directory Can't open perl script "temp2006": No such file or directory