httpd-users mailing list archives

From dan <i...@hostinthebox.net>
Subject Re: [users@httpd] I've been hacked, I need some help please...
Date Mon, 21 Mar 2005 20:30:38 GMT
John wrote:
> From: cron@odi.com.br <cron@odi.com.br>
> To: <users@httpd.apache.org>
> Date: Monday, March 21, 2005, 9:45:51 PM
> Subject: [users@httpd] I've been hacked, I need some help please...
> 
> 
> 
>   Monday, March 21, 2005, 9:45:51 PM, you wrote:
> 
>> I got the same problem one month ago, I was running awstats (log statistics),
>> anyway, they got access to /tmp, wrote some files and executed the telnet
>> program. At first I thought, well, this can't be, the firewall blocks everything
>> except port 80. I found the code for the exploit and, bad news, the exploit
>> connects to a remote machine and gives a telnet shell on the remote machine.
>> After that I'm blocking outgoing ports too. Too bad for me and my laziness.
>> Those stupid things made me work 28 hours non-stop.
> 
> 
> 
> 
>> Also found a lot of backdoors, I don't know if they were working at all, but
>> running on ports already in use like port 80 and 21, and lots of modified
>> files like ps, who, ftpwho and some freaking ftp server (gssftp) which with
>> some very weird install instructions gave root access to remote users. At
>> this point I was sure it was a script kiddie but found evidence of more than
>> one attacker.
> 
> 
> 
> 
>> My point is I could NEVER feel safe just fixing things. So I reinstalled.
> 
> 
> 
> 
>>Angelo
> 
> 
>>----- Original Message ----- 
>>From: "Ivan Barrera A." <Bruce@Ivn.cl>
>>To: <users@httpd.apache.org>
>>Sent: Wednesday, March 16, 2005 9:51 AM
>>Subject: Re: [users@httpd] I've been hacked, I need some help please...
> 
> 
> 
> So you think that was an awstats exploit that let the intruder
> install the telnet program?
> 
> Which awstats version were you using?
> 
> Thanks in advance
> 
> John
> 

This is a known exploit that affects awstats-6.2.  It can be fixed by 
either setting AllowToUpdateStatsFromBrowser = 0, or upgrading to 6.3.

I guess a lot of people have been hit hard by this.  That's too bad, 
because awstats was, and maybe still is, a very useful tool.  It's a 
shame to think of how other people see it now.

Thanks
-dant


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
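
A check for the setting named in the reply above, as an added example that is not part of the original message or of AWStats: it reports, for each awstats*.conf file in a directory, whether AllowToUpdateStatsFromBrowser is set to 0. The directory argument, the sample config and the last-assignment-wins rule are assumptions.

```python
import re
import sys
from pathlib import Path

# Matches `AllowToUpdateStatsFromBrowser = 1`, optionally quoted.
DIRECTIVE = re.compile(r'^\s*AllowToUpdateStatsFromBrowser\s*=\s*"?([^"#\s]*)"?')

def browser_update_value(conf_text):
    """Return the last uncommented value of the directive, or None if absent.

    Assumption: if the directive is repeated, the last assignment wins.
    """
    value = None
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # lines starting with '#' never match
        if m:
            value = m.group(1)
    return value

def classify(conf_text):
    """Map the directive's value to a status for the report."""
    value = browser_update_value(conf_text)
    if value is None:
        return "unset"      # falls back to the installed version's default
    if value == "0":
        return "disabled"   # the setting named in the reply above
    return "ENABLED" if value == "1" else "review"

def audit(conf_dir):
    """Classify every awstats*.conf in conf_dir (directory chosen by the caller)."""
    return {p.name: classify(p.read_text(errors="replace"))
            for p in sorted(Path(conf_dir).glob("awstats*.conf"))}

# Constructed sample config, not taken from any real host.
SAMPLE = '''\
# AllowToUpdateStatsFromBrowser=0
LogFile="/var/log/httpd/access_log"
AllowToUpdateStatsFromBrowser = 1   # turned on for convenience
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, status in audit(sys.argv[1]).items():
            print(f"{status:8} {name}")
    else:
        print("sample:", classify(SAMPLE))
```

Run it with the directory that holds the AWStats config files as its only argument; any file reported as ENABLED, unset or review needs a manual look.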

