httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan Barrera A." <Br...@Ivn.cl>
Subject Re: [users@httpd] irc eggdrop exploit woes
Date Mon, 06 Jun 2005 22:07:18 GMT
Yep.
It is most probably that you were hacked through PHP.
Most common way of "hacking" this way, is abusing sites running
PHP-Nuke, phpBB, and many other sites using "unsafe" programming techniques.

If you look in the mailing archives, you can find lots of answers to
this type of problems.
(consider turning register_globals off, safe_mode on, using somethign
like mod_security, disabling exec on tmp partitions, using chrooted
vhosts, using phpsuexec, etc)

Eben Goodman wrote:
> I recently had an irc exploit on my server running this eggdrop relay
> thing via apache.  I was able to find the offending files and remove
> them and the eggdrop processes went away for awhile, but now they are
> back and try as I might I can't find any files that correspond to this
> software.  When viewing top it shows the eggdrop processes running as
> apache.  If I don't reboot the server for a couple days the eggdrop
> apache processes start sucking up all cpu and gobbling bandwidth.
> 
> Has anyone else dealt with this?
> 
> thanks,
> Eben
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message