httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luisa Ester Navarro <>
Subject RE: [users@httpd] attack on apache
Date Wed, 11 Jan 2012 20:37:25 GMT

Date: Wed, 11 Jan 2012 21:13:53 +0100
Subject: Re: [users@httpd] attack on apache


    On 01/11/2012 09:10 PM, Jaco Kroon wrote:
      On 11/01/12 21:35, Jeroen Geilman wrote:


                  In /var/log/httpd/error_log I see hink like this

                  sh: del comand no found

                  sh: xx Permission denied


                  I need help !



        1. Stop apache.

        2. investigate which leaky, creaky or lousy PHP script allowed
        this exploit.

        3. remove the bad script.

      4.  Remount /tmp with noexec,nosuid,nodev to prevent the majority
      of these types of exploits.


    Surely you noticed that I did not advise him to turn it back on - at
    all ? ;)

    But yes, distros that don't protect /tmp suck.




Thanks Jeron:
            any idea how to start researching which is the leaky script
View raw message