httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anderson Miranda <>
Subject [users@httpd] Apache + AWSTATS = Vulnerability????
Date Thu, 14 Jul 2005 18:38:55 GMT
Kk, here is what I've got so far:

My system seems to be infected by some kind of trojan/worm/virus called 
Unix/Hacktop, wich does (for what I'm seeing) some kind of scanport via 
ssh (22).
I found some related info saying that the intruder could be using a 
security flaw from AWSTATS + Apache to get a valid root bash session 
over port 80.

Now the intruder created a few files, infected some others and is using 
this scanport. I stopped the scanport by blocking the output of ssh in 
my iptables and could be able to erase some virus related files.

Now I want to know just 2 things:

First, how can I be sure that it all happened because of the awstats 
security flaw?
Second, how could I completely remove this Unix/Hacktop from my system 
(Linux RedHat9 k2.4) ?

PS: I know that the second question doesn't have nothing to do with the 
httpd list at all, but if someone could plz help me, I would be really 
thankful! :)

Best Regards,

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message