httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Station51 Donations" <donati...@station51.net>
Subject RE: [users@httpd] Machine compromised via apache 2.0.54... I think.
Date Tue, 27 Sep 2005 16:17:36 GMT
I think it depends on how the scripts are being written there. From what I
know, and I could be wrong, you would need to be running something on the
server that would be giving the attacker some method of exploiting things.
Whether this be some kind of control panel, or something. From my knowledge,
and as I said, I again could be wrong, just plain static html pages wouldn't
give the attacker the ability to write to the filesystem. Its usually in
combination with a system running PHP and/or some kind of CGI script. 

If you want to stop them dead, uninstall perl and remove mod_cgi from apache
if its installed. The .pl files require Perl to run. If you don't have it on
the system, they simply wont run.  But neither will anything else that uses
perl. 

I wish I had some answers for you. I know how stressful these things can be.


Thanks,
Bill

-----Original Message-----
From: Farmer J [mailto:hackersreallysuck@gmail.com] 
Sent: Tuesday, September 27, 2005 11:05 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Machine compromised via apache 2.0.54... I think.

We don't run PHP on this machine.  There must be a way at the Web
server level to prohibit it from writing scripts to the filesystem and
then executing them.  Right??


On 9/27/05, Station51 Donations <donations@station51.net> wrote:
> Hello,
>
> We discovered this problem on our own server quite some time ago. It was
> linked to a problem with the forum software, phpBB. If you or anyone on
the
> server (customers etc) are running it, they should be advised to upgrade
to
> the latest versions. This also goes for any *Nuke software such as
postnuke
> and other content management systems. Their spaghetti coded and often have
a
> lot of security problems. Our servers are now forbidding clients to
install
> any nuke CMSes as well as install phpBB because we feel its simply not
worth
> the risk of our entire customer base.
>
> Someone here probably has more technical documentation about the specific
> phpBB/webalizer bug I'm referring to.
>
> Thanks,
> Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message