httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaco Kroon <j...@uls.co.za>
Subject Re: [users@httpd] attack on apache
Date Wed, 11 Jan 2012 20:10:50 GMT
On 11/01/12 21:35, Jeroen Geilman wrote:
>
>>
>> In /var/log/httpd/error_log I see hink like this
>> sh: del comand no found
>> sh: xx Permission denied
>>
>> I need help !
>>
>
> 1. Stop apache.
> 2. investigate which leaky, creaky or lousy PHP script allowed this 
> exploit.
> 3. remove the bad script.
4.  Remount /tmp with noexec,nosuid,nodev to prevent the majority of 
these types of exploits.

It doesn't eliminate them, just prevents the majority of "canned" ones 
that I'm aware of.

JK

Mime
View raw message