httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marian D Marinov <hack...@hydra.azilian.net>
Subject Re: [users@httpd] Hacked ? /usr/local/apache/bin/httpd -DSSL ?
Date Wed, 02 Feb 2005 21:16:04 GMT
Probably someone have hacked your system trough phpBB or some other web soft 
like that.
Check if there is someting at /tmp dir.
Create a separate partition for /tmp and mount it with 
(rw,noexec,nosuid,nodev,noatime)

Regards 
        M.Marinov
На сряда 02 февруари 2005 11:12 п.о. Kenneth Kalmer написа:
> I've seen the same thing a couple of days ago on another box. IIRC
> look in /tmp for some scripts running from there. I'm not an expert on
> security breaches so I won't comment on that. Also run nmap to see
> what extra ports are now open, we had port 32xxx open as well and
> according to GFILanGuard that's a BackOrifice port...
>
> HTH
>
> On Wed, 2 Feb 2005 22:09:53 +0100, mailarch@xy1.org <mailarch@xy1.org> 
wrote:
> > Hello,
> >
> > I run an Apache/1.3.29 (Debian GNU/Linux) mod_gzip/1.3.26.1a PHP/4.3.3
> > mod_ssl/2.8.16 OpenSSL/0.9.7c.
> >
> > Today I have seen with the top command two Perl process by www-data which
> > occupied all my CPU resources.
> >
> > ps aux | grep pid_number_of_one_of_this_perl_processes gave me that:
> >
> > melanie:/usr/local# ps aux | grep 10813
> > www-data 10813 48.8  0.3  5128 3456 ?        R    20:54  11:18
> > /usr/local/apache/bin/httpd -DSSL root     12615  0.0  0.0  2056  732
> > pts/0    R    21:18   0:00 grep 10813
> >
> > But I don't have a /usr/local/apache directory!!!
> >
> > Does somebody has hacked my apache web server?
> >
> > Should I contact the Debian apache package maintainer? Because I use the
> > Debian stable version.
> >
> > --
> > saf
> > http://Archivum.info/ - Administrator
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org

-- 
| Registered Linux User #309995 at http://counter.li.org
| One Planet, One Internet.
| We Are All Connected.
\__________________

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message