httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Mahoney, System Admin" <d...@prime.gushi.org>
Subject Re: [users@httpd] irc eggdrop exploit woes
Date Mon, 06 Jun 2005 22:44:30 GMT
On Mon, 6 Jun 2005, Eben Goodman wrote:

If you're doing multi-hosting, look into suexec.  the fact that it runs 
CGI's as the user is kinda secondary to the fact that it shows you WHICH 
user uploaded the insecure script.

For PHP scripts, I've had good luck running suPHP (which is not an 
official apache project, but something similar really should be).

-Dan


> I recently had an irc exploit on my server running this eggdrop relay thing 
> via apache.  I was able to find the offending files and remove them and the 
> eggdrop processes went away for awhile, but now they are back and try as I 
> might I can't find any files that correspond to this software.  When viewing 
> top it shows the eggdrop processes running as apache.  If I don't reboot the 
> server for a couple days the eggdrop apache processes start sucking up all 
> cpu and gobbling bandwidth.
>
> Has anyone else dealt with this?
>
> thanks,
> Eben
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

--

Amerikanskaya firma Transceptor Technology pristupila k poizvodstu komputerov "Personal'ni
Sputnik"

--Snap, "The Power"

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message