httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Tanner <rtan...@linfield.edu>
Subject [users@httpd] Possible apache security hole??
Date Fri, 04 Mar 2005 02:27:20 GMT
Hi,

We have an unknown assailant twice beak into our main webserver as the
apache user (the user the web server runs as) and each time he plated
files in /var/tmp and caused the whole system to hang (RH Linux).  I
don't know that he/she is coming in by taking advantage of an apache
bug or not, but here is the list of what's running in the server and
what I'm wondering is whether my problem sounds like a known issue with
any one of these packages/versions.  The hacker might, of course, be
getting in via some entirely unrelated mechanism.
 
Server: Apache/2.0.47 (Unix) mod_ssl/2.0.47 
OpenSSL/0.9.7a DAV/2 PHP/4.3.6 mod_jk/1.2.4

Thanks.

-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message