[arch-general] My Apache Server Compromised?

Jameson imntreal at gmail.com
Sat Mar 29 22:37:39 EDT 2014


I'm seeing some very strange behavior from my Apache web server, and
I'm afraid it may have been compromised. Every time I start it, my
router is saturated with the maximum number of connections it can
handle, and my access_log starts filling with lines like:

208.115.242.252 - - [29/Mar/2014:22:04:54 -0400] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=3730175&pub_url=${PUB_URL} HTTP/1.0" 200 5463
74.63.219.228 - - [29/Mar/2014:22:04:54 -0400] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=5101980&pub_url=${PUB_URL} HTTP/1.0" 200 5432
198.100.123.53 - - [29/Mar/2014:22:04:54 -0400] "GET http://www.superficialgirl.com/miss/160x600.php HTTP/1.0" 200 374
198.100.121.56 - - [29/Mar/2014:22:04:53 -0400] "GET http://content.yieldmanager.edgesuite.net/atoms/14/0d/e5/b4/140de5b4c2f26ddb1e1e376744a4b799.jpg HTTP/1.0" 200 20393
199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151
172.246.127.211 - - [29/Mar/2014:22:04:54 -0400] "GET http://ads.yahoo.com/imp?Z=300x250&s=5507180&_salt=2285596723&B=12&m=2&H=http%3A%2F%2Fwww.yougoldenhealth.com%2Findex.php%2Fhealthy-living%2F3335-healthy-living-posters-ninja-tips-for-healthy-living&u=http%3A%2F%2Fwww.yougoldenhealth.com%2Findex.php%2Fhealthy-living%2F3335-healthy-living-posters-ninja-tips-for-healthy-living&M=4&r=1

I don't serve any ads from this server. It's just a few webapps that
I use personally. Has anyone seen anything like this before? Any
advice?

Thanks,
=-Jameson
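
Added example, not part of the original post: a Python check over access_log lines like those quoted above that flags requests whose target is an absolute URL (or a CONNECT) for a host the server does not own, which is the shape a forward-proxy request takes in the log, and counts how many were answered 2xx. `own_hosts`, `example.org`, `example.net` and the 192.0.2.x lines are assumptions constructed for the example; whether the server actually relayed such requests depends on its configuration, which the post does not show.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common Log Format: client ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) (?:\d+|-)$')

def proxy_style_requests(lines, own_hosts):
    """Return (hits, unparsed); hits name a host that is not one of ours."""
    own = {h.lower() for h in own_hosts}
    hits, unparsed = [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1      # truncated or non-CLF line: count it, do not guess
            continue
        client, method, target, status = m.groups()
        if method == "CONNECT":            # CONNECT host:port is a proxy-only method
            host = target.rsplit(":", 1)[0].lower()
        else:
            try:
                parts = urlsplit(target)
            except ValueError:             # malformed authority, e.g. unbalanced "["
                unparsed += 1
                continue
            if parts.scheme not in ("http", "https") or not parts.hostname:
                continue                   # origin-form target such as /index.html
            host = parts.hostname.lower()
        if host not in own:                # absolute URL for our own vhost is valid HTTP
            hits.append({"client": client, "host": host, "status": int(status)})
    return hits, unparsed

def summarize(hits):
    """Per-host request counts, and how many foreign requests were answered 2xx."""
    return Counter(h["host"] for h in hits), sum(200 <= h["status"] < 300 for h in hits)

# The first two lines come from the post (unwrapped); the rest are constructed.
SAMPLE = [
    '208.115.242.252 - - [29/Mar/2014:22:04:54 -0400] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=3730175&pub_url=${PUB_URL} HTTP/1.0" 200 5463',
    '199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151',
    '192.0.2.10 - - [29/Mar/2014:22:05:01 -0400] "GET /webapp/index.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [29/Mar/2014:22:05:01 -0400] "GET http://example.org/ HTTP/1.1" 200 812',
    '192.0.2.12 - - [29/Mar/2014:22:05:02 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 405 226',
    '192.0.2.13 - - [29/Mar/2014:22:05:02 -0400] "GET http://ads.example.net/imp?Z=300x250',
]

if __name__ == "__main__":
    hits, unparsed = proxy_style_requests(SAMPLE, own_hosts={"example.org"})
    print(summarize(hits), f"{unparsed} unparsed")
```

Against a real log, set `own_hosts` to the server's ServerName and ServerAlias values; any 2xx count above zero for foreign hosts is what to look into first.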
