httpd-users mailing list archives

From "Ron Wingfield" <dtc...@ionet.net>
Subject Re: Is there a Trojan Horse in "Re: Large amount of Parent Server Generation"?
Date Tue, 02 Jul 2002 16:02:51 GMT
Hello, George, James, and all,

Apparently, the "threat" may not be as insidious as I thought.  George, I am using MS/Outlook
Express v5 for my email interface.  I'm a MS/Windows "user", but NOT enamored with MicroSoft.
 I am puzzled why I was not prompted for the option to start the download, rather than immediately
launching the download, . . .MicroSoft in their infinite wisdom?  

Also, George, I wish I could (sorry I cannot) offer any help regarding your original question.

To all, my FreeBSD v4.5 system/w Apache 2.0.28 is under assault these days from the no-life
(outside the internet) YUKS out there who have nothing better to do with their time than look
for opportunities to exploit.  I guess a valid question would be "How did the download instructions
find its way into an apparently ordinary, domestic (as in from the Western World) email?"
 Also of note, as I was reading list responses, upon opening (I believe) the response from
James, who remarked that he was prompted for the Chinese language support, my Outlook Express
displayed that the original message was from my sister-in-law's earlier message regarding
my birthday!  I completely shut down my Windows workstation, and at the same coincidental time
(?), my unix box (FreeBSD v4.5) had crashed, again, consequently, it was rebooted.  After
the restarts, James' message displayed correctly.

I guess the "lesson" from all of this is that the "anti-security" genie is definitely out
of the box and is not going back in.

OTTF,
Ron W.

 
  function anonymous(ComponentID, Lresult, Phase, FriendlyName, Status) {
    /*
     * If a component failed to d/l or install correctly, note the Lresult (hr from urlmon)
     */
    if (Lresult < 0) {
      downloadError = true;
      dlErrorResult = Lresult;
      if (Lresult == -2147024891) // No Admin Rights
        AdminError = true;
    }
    // IE version = VER_CORE
  }
  ahh. that explains, I already have that installed.
   
  I checked the header of the email and there is why it occurred:
  It has a multi-part header with the character set defined as big5 (chinese language support)
   
  George
   
   
  ---------
   
  No problem, as the download should have been from microsoft, a function of Outlook/IE, at
  least I hope!
   
   
   
   
   
  Received: from apache.org (daedalus.apache.org [63.251.56.142]) by poison.slackinc.com with
SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
   id NZ0WNLG0; Tue, 2 Jul 2002 02:29:42 -0400
  Received: (qmail 12124 invoked by uid 500); 2 Jul 2002 06:29:35 -0000
  Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
  Precedence: bulk
  Reply-To: users@httpd.apache.org
  list-help: <mailto:users-help@httpd.apache.org>
  list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
  list-post: <mailto:users@httpd.apache.org>
  Delivered-To: mailing list users@httpd.apache.org
  Received: (qmail 12075 invoked from network); 2 Jul 2002 06:28:54 -0000
  Received: from ip-200-166-66-202.rev.dyxnet.com (HELO vst.com.hk) (202.66.166.200)
    by daedalus.apache.org with SMTP; 2 Jul 2002 06:28:54 -0000
  Received: (qmail 12822 invoked from network); 2 Jul 2002 06:28:43 -0000
  Received: from unknown (HELO sysadmin) (192.168.2.254)
    by 0 with SMTP; 2 Jul 2002 06:28:43 -0000
  Message-ID: <014a01c22191$14074330$8d01a8a8@sysadmin>
  From: "Maillist" <apache.mailling.list@techclan.net>
  To: <users@httpd.apache.org>
  Subject: Large amount of Parent Server Generation
  Date: Tue, 2 Jul 2002 14:24:10 +0800
  MIME-Version: 1.0
  Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0147_01C221D4.22180CA0"
  X-Priority: 3
  X-MSMail-Priority: Normal
  X-Mailer: Microsoft Outlook Express 6.00.2600.0000
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
  X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

  ------=_NextPart_000_0147_01C221D4.22180CA0
  Content-Type: text/plain;
   charset="big5"
  Content-Transfer-Encoding: base64

  ------=_NextPart_000_0147_01C221D4.22180CA0
  Content-Type: text/html;
   charset="big5"
  Content-Transfer-Encoding: base64

  ------=_NextPart_000_0147_01C221D4.22180CA0--

    -----Original Message-----
    From: James Eastwood [mailto:JamesEastwood@businessserve.co.uk]
    Sent: Tuesday, July 02, 2002 11:21 AM
    To: 'users@httpd.apache.org'
    Subject: RE: Is there a Trojan Horse in "Re: Large amount of Parent Server Generation"?


    when i opened the post it prompted me for a chinese language install...
      -----Original Message-----
      From: George Gallen [mailto:ggallen@slackinc.com]
      Sent: 02 July 2002 15:56
      To: 'users@httpd.apache.org'
      Subject: RE: Is there a Trojan Horse in "Re: Large amount of Parent Server Generation"?


      I rechecked that email, and did a view source on it, and did not see that function.
      Possibly your email reading program inserted it somehow, are you using a browser to
           read your emails?
       
      George
        -----Original Message-----
        From: Ron Wingfield [mailto:dtcrtw@ionet.net]
        Sent: Tuesday, July 02, 2002 10:45 AM
        To: users@httpd.apache.org
        Subject: Is there a Trojan Horse in "Re: Large amount of Parent Server Generation"?


        When I opened this posting, a download started immediately!  I canceled the operation
ASAP.  
        What is the meaning of this? !!!  (see the following)
          function anonymous(ComponentID, Lresult, Phase, FriendlyName, Status) {
            /*
             * If a component failed to d/l or install correctly, note the Lresult (hr from urlmon)
             */
            if (Lresult < 0) {
              downloadError = true;
              dlErrorResult = Lresult;
              if (Lresult == -2147024891) // No Admin Rights
                AdminError = true;
            }
            // IE version = VER_CORE
          }
          Hi There,
           
            Could somebody tell me what is the meaning of "Parent Server Generation: XXX"
inside the server-status page ?
           
            We're hosting around 300 virtual hosts on our apache server/w php enabled. During
            a new Parent Server Generation, all connections got dropped..... and our clients complain
            they cannot reach their website.
           
          Regards,
          Dino.M
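
Added example, not part of any message in this thread: one way to repeat George's header check offline instead of opening the mail in a rendering client. It lists each MIME part's declared charset and transfer encoding and reports tags that would carry active content. The sample message is constructed to match the quoted headers (two base64 parts declared as big5); `build_sample`, `triage` and the tag list in `ACTIVE` are assumptions of this example.

```python
import base64
import email
import re
from email import policy

# Tags that can run or fetch code when an HTML mail is rendered.
ACTIVE = re.compile(r"<\s*(script|object|embed|iframe|applet)\b", re.I)

def build_sample(html):
    # Constructed message shaped like the headers quoted in this thread.
    enc = lambda s: base64.b64encode(s.encode("big5")).decode("ascii")
    return "\n".join([
        "Subject: Large amount of Parent Server Generation",
        "MIME-Version: 1.0",
        'Content-Type: multipart/alternative; boundary="b1"',
        "",
        "--b1",
        'Content-Type: text/plain; charset="big5"',
        "Content-Transfer-Encoding: base64",
        "",
        enc("Hi There,"),
        "--b1",
        'Content-Type: text/html; charset="big5"',
        "Content-Transfer-Encoding: base64",
        "",
        enc(html),
        "--b1--",
    ]).encode("ascii")

def triage(raw):
    """Return one dict per leaf MIME part: type, charset, encoding, active tags."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        charset = part.get_content_charset() or "us-ascii"
        body = part.get_payload(decode=True) or b""
        try:
            text = body.decode(charset, errors="replace")
        except LookupError:  # unknown charset label: map bytes 1:1
            text = body.decode("latin-1")
        report.append({
            "type": part.get_content_type(),
            "charset": charset,
            "cte": str(part.get("Content-Transfer-Encoding", "7bit")).lower(),
            "active": sorted({t.lower() for t in ACTIVE.findall(text)}),
        })
    return report
```

Calling `triage()` on the raw bytes of a saved message gives the same view as "view source" without letting a mail client render the HTML part.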

           

