Earlier I was making a change to my apache config and when i went to restart apache it would not start... It said port(s) http,https were in use and could not bind to them, I thought wierd thats never happened before... so i got to looking and notice I had an extra process(./spc1) running as apache, so I checked my logs and found this:

--08:16:50-- http*//b0x14.hpg.com.br/spc1
=> `spc1'
Resolving b0x14.hpg.com.br... done.
Connecting to b0x14.hpg.com.br[200.226.137.9]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http*//www.b0x14.hpg.com.br/spc1 [following]
--08:16:50-- http*//www.b0x14.hpg.com.br/spc1
=> `spc1'
Resolving www.b0x14.hpg.com.br... done.
Connecting to www.b0x14.hpg.com.br[200.226.137.9]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19,589 [text/plain]

0K .......... ......... 100% 34.47 KB/s

08:16:51 (34.47 KB/s) - `spc1' saved [19589/19589]

in my apache error log,it's some exploit of somekind, what I do not know it was binded to http,https and one other port in the 14000 range, had many of my apache log files open.

Does anyone know what this is and how can I prevent my server from accepting these requests?

Thanks,
Nick

[edited by: littleman at 6:58 pm (utc) on Aug. 20, 2003]
[edit reason] de-linked [/edit]