httpd-users mailing list archives

From Morgan Gangwere
Subject Re: [users@httpd] Someone hacked my apache2 server
Date Sun, 04 Apr 2010 03:46:58 GMT
On 4/3/2010 8:55 PM, Gil Vidals wrote:
> Oleg,
> What kind of web application firewall (WAF) are you running on your web
> servers? If the answer is "none", then you will have many problems with
> malware and hackers.  You must have proper security. Google
> "mod_security" or hire a web security guy to take care of your servers
> for you.
Excuse me?
Props for the blatant plug but why would you ever say that a firewall is 
//absolutely// needed? By all counts, any modern machine should be 
Deny-By-Default, and security is something that must be implemented 
along the application's terms.

What it appears here is that someone took advantage of a buffer overflow 

What needs to be asked are:
a) What OS is this running:
[ ] Windows [ ] Linux [ ] OSX/Darwin [ ] *BSD
b) What services are running:
[x] httpd - apache
[x] sshd  - Tell me it's OpenSSH v2+...
[ ] ftpd  - If so, which one?
[ ] mail
[ ] other
c) What was this server running?
A corporate Intranet? Wordpress? Nothing in particular?

As for the content of the data, it looks like it's Big5 encoded... 
Possibly a message from someone?
Most common values are:
0xD0 0x20 0x95 0xD1 0xE2

Definitely looks Big5 encoded, however I don't know for sure.

In any direction, I'd look into installing Tripwire at one point -- and 
a good backup system if you don't have one already (can YOU degauss your 
main disk?)
Morgan Gangwere

 >> Why?
 > Because it breaks the logical flow of conversation, plus makes messages unreadable.
 >>> Top-Posting is evil.

The official User-To-User support forum of the Apache HTTP Server Project.