Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 88722 invoked from network); 8 May 2005 23:16:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 May 2005 23:16:41 -0000 Received: (qmail 62973 invoked by uid 500); 8 May 2005 23:19:30 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 62963 invoked by uid 500); 8 May 2005 23:19:29 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 62947 invoked by uid 99); 8 May 2005 23:19:29 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from its-mu-mail3.its.rmit.edu.au (HELO its-mu-mail3.its.rmit.edu.au) (131.170.1.12) by apache.org (qpsmtpd/0.28) with ESMTP; Sun, 08 May 2005 16:19:29 -0700 Received: from its-gw-inet57.its.rmit.edu.au (its-gw-inet57.its.rmit.edu.au [131.170.10.77]) by its-mu-mail3.its.rmit.edu.au (8.13.1/8.12.11/mail3) with ESMTP id j48NGLZN020202 for ; Mon, 9 May 2005 09:16:21 +1000 (EST) Received: from INET57-MTA by its-gw-inet57.its.rmit.edu.au with Novell_GroupWise; Mon, 09 May 2005 09:16:21 +1000 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.5.4 Date: Mon, 09 May 2005 09:15:45 +1000 From: "Mathew Thomas" To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Scanned-By: MIMEDefang 2.44 X-Virus-Checked: Checked Subject: Re: [users@httpd] Hacked the website replace the index.hm page X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Hi Tim, Thanks for the reply. Yes, couple of virtual hosts are running phpPBB. The = website which have been hacked are not using PHP,mysql or ssl. Thanks Mathew >>> tim@burden.ca 9/05/05 8:56:04 >>> We'll probably need more details. You running phpBB anywhere? ----- Original Message -----=20 From: "Mathew Thomas" To: Sent: Sunday, May 08, 2005 6:49 PM Subject: [users@httpd] Hacked the website replace the index.hm page Hi All, We are running apache_1.3.32 with mod_ssl, mySQL and PHP. OS is Solaris 9. Apache is running with User httpd Group http Most of the Documentroot is owned by httpd.( There are several virtualhost running on this server) its-wu-web:departments# ps -ef | grep http httpd 18168 24970 0 00:00:02 ? 0:04 /usr/local/apache/bin/httpd -DSSL httpd 16498 24970 0 08:39:24 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 16492 24970 0 08:39:24 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 15664 24970 0 08:28:56 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 16488 24970 0 08:39:23 ? 0:00 /usr/local/apache/bin/httpd -DSSL httpd 18182 24970 0 00:00:07 ? 0:04 /usr/local/apache/bin/httpd -DSSL Some how couple of the website was hacked and replaced the index.htm = pages. How can I prevent it happen again? Thanks Mathew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org=20 " from the digest: users-digest-unsubscribe@httpd.apache.org=20 For additional commands, e-mail: users-help@httpd.apache.org=20 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org=20 " from the digest: users-digest-unsubscribe@httpd.apache.org=20 For additional commands, e-mail: users-help@httpd.apache.org=20 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org