httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luisa Ester Navarro <luisa2...@hotmail.com>
Subject RE: [users@httpd] attack on apache
Date Wed, 11 Jan 2012 20:37:25 GMT



Date: Wed, 11 Jan 2012 21:13:53 +0100
From: jeroen@adaptr.nl
To: users@httpd.apache.org
Subject: Re: [users@httpd] attack on apache



  


    
  
  
    On 01/11/2012 09:10 PM, Jaco Kroon wrote:
    
      
      On 11/01/12 21:35, Jeroen Geilman wrote:
      
        
        

        
          
            
              
                

                  In /var/log/httpd/error_log I see hink like this

                  sh: del comand no found

                  sh: xx Permission denied

                  

                  I need help !

                  

                
              
            
          
        
        

        1. Stop apache.

        2. investigate which leaky, creaky or lousy PHP script allowed
        this exploit.

        3. remove the bad script.

      
      4.  Remount /tmp with noexec,nosuid,nodev to prevent the majority
      of these types of exploits.

    
    

    Surely you noticed that I did not advise him to turn it back on - at
    all ? ;)

    But yes, distros that don't protect /tmp suck.

    

    

    -- 
J.

Thanks Jeron:
            any idea how to start researching which is the leaky script
Cheers
Luisa
 		 	   		  
Mime
View raw message