AWStats 5.9 has been cracked
One of my machines has had AWStats 5.9 installed since 2003 and was never upgraded or patched. Today I heard that the machine has been transmitting a SYN flood to 3Com. After a short investigation, we found that there was a strange process named cback running as apache. Then I simply googled by keyword . The first result is Slapper v2.0 - XML-RPC/Awstats Worm. Oh, my god! I just got hacked through XML-RPC 2 weeks ago. It seems the XML-RPC implementation in PHP is being widely cracked by many hackers around the world.
If you want to test your AWStats, get the exploit here.
- sugree's blog