Hi,
my machine has been hacked using this exploit as well. It is incomprehensible to me how a well-known exploit that was reported as "exploited widely" over one month ago still isn't fixed in Ubuntu.
Some more info for the (probably many) others involved:
Typically, the attacker downloads a tool such as a connect back backdoor using this exploit. E.g. php-reverse-shell or Data Cha0s Connect Back Backdoor. The machines are then used as botnet zombies, using a bot like emech.
Some more info about the attack can be found in /var/log/apache2/error.log where you can see the wget output of the initial backdoor download. Of course, if the attacker later on successfully applies a local root exploit, he can remove all traces easily.
bye,
Till
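
For responders checking the log mentioned above, the following is an added example, not part of the original comment: a small Python scan that pulls wget request banners and destination files out of an Apache error log. It assumes wget's stderr lands in the log as unprefixed lines between ordinary bracketed Apache entries; the sample log, hosts, file names and the function name find_wget_downloads are constructed for illustration.

```python
import re

# Constructed sample (not from the original report): Apache error.log entries
# interleaved with wget stderr output in the newer and the older wget format.
SAMPLE_LOG = """\
[Mon Mar 02 10:15:01 2009] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
--2009-03-02 10:15:07--  http://files.example.invalid/tool.txt
Resolving files.example.invalid... 192.0.2.55
Connecting to files.example.invalid|192.0.2.55|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5491 (5.4K) [text/plain]
Saving to: `/tmp/tool.txt'
[Mon Mar 02 10:16:40 2009] [error] [client 192.0.2.10] File does not exist: /var/www/robots.txt
--10:17:02--  http://files.example.invalid/bot.tgz
           => `/tmp/bot.tgz'
"""

# wget request banner: "--[YYYY-MM-DD ]HH:MM:SS--  URL"
REQUEST = re.compile(r"^--(?:\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2}--\s+(\S+)")
# Destination file: "Saving to: `f'" (newer) or "   => `f'" (older)
SAVED = re.compile(r"^(?:Saving to: |\s*=> )[`'\u2018]([^'\u2019]+)['\u2019]")
# Ordinary Apache entries start with a bracketed timestamp
APACHE_TS = re.compile(r"^\[([^\]]+)\]")

def find_wget_downloads(lines):
    """Return one record per wget request banner found among the log lines."""
    hits, last_ts, current = [], None, None
    for number, line in enumerate(lines, 1):
        apache = APACHE_TS.match(line)
        if apache:
            last_ts = apache.group(1)  # wget lines carry no client IP; keep context
            continue
        request = REQUEST.match(line)
        if request:
            current = {"line": number, "url": request.group(1),
                       "saved_as": None, "after_apache_entry": last_ts}
            hits.append(current)
            continue
        saved = SAVED.match(line)
        if saved and current is not None:
            current["saved_as"] = saved.group(1)
    return hits

if __name__ == "__main__":
    # On a real host, pass open("/var/log/apache2/error.log", errors="replace")
    for hit in find_wget_downloads(SAMPLE_LOG.splitlines()):
        print(hit)
```

The nearest preceding Apache timestamp only brackets the time of the download; rotated logs (error.log.1 and compressed older files) need the same scan.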