httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lee Fellows <lfell...@4lane.com>
Subject Re: [users@httpd] Possible virus changing cgi-bin directory permissions
Date Thu, 16 Jan 2003 15:45:36 GMT
On Thu, 2003-01-16 at 10:23, Kenny G. Dubuisson, Jr. wrote:
> I have a strange problem that I can't seem to track down.  Every night the
> permissions on my cgi-bin scripts are getting changed to non-executable.
> I've traced every cron job I have and can't duplicate the behavior.  I now
> believe that it may be a malicious access to my web server that is causing
> this.

    OS?

>   Has anyone heard of a virus that will do what I'm experiencing?

     It would be a very interesting virus that would be interested
     in helping a sysadmin secure their system.  Personnally, this 
     does not seem likely.  Although... I do recall hackers who have
     done similiar things on machines they accessed without the
     sysadmins' permission.  But you have a long way to go before
     we could rule that a possibility.

>   I
> looked all through the Apache access log and found a bunch of attempted
> accessed by what appears to be malicious scripts but none of them stick out
> that  could do what I have happening.

    At what time does the modification of the permissions on your
    cgi scripts occur?  What cron jobs run at that time, or start
    slightly before then?


>   Any ideas would be greatly
> appreciated.
> 
> Thanks,
> Kenny
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
-- 
Lee Fellows <lfellows@4lane.com>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message