httpd-users mailing list archives

From Luisa Ester Navarro <luisa2...@hotmail.com>
Subject RE: [users@httpd] attack on apache - solved -
Date Fri, 13 Jan 2012 23:41:11 GMT

> Date: Fri, 13 Jan 2012 15:32:55 -0500
> To: users@httpd.apache.org
> From: stormy22@stormy.ca
> Subject: Re: [users@httpd] attack on apache - solved -
> 
> At 04:48 PM 1/13/2012 -0300, you wrote:
> >Thanks a lot to everyone who helped me to solve the problem.
> >I had installed phpmyadmin and they used it to attack my server.
> >I found this in /var/log/httpd/access_log
> 
> Was your compile of apache2 "prefork" or "worker"?  And could you be a 
> little more explicit with what you found in your logs (without compromising 
> security?)
> 
> I'm interested because I have a "worker" compile of 2.2.17 that I will 
> shortly be changing either to FastCGI or prefork, because of php that 
> requires libapache2-mod-php5, which in turn depends on apache2-mpm-prefork 
> (> 2.0.52) and apache2-mpm-itk.
> 
> tnx - paul 
> 
> 

My apache is compiled with prefork.
My phpmyadmin must be used only from my internal network with user and passwd
(I thought this). When I was looking at my access_log I saw that it was being used from
an external IP.

The messages in my logfile are:

xx.xxx.xx.xx "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 14049 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
xx.xxx.xxx.xx "POST /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 - "http://xxx.xx.xx.xx/admin/phpmyadmin/scripts/setup.php\r" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"

Now I just remove some permissions until I find a real solution. I am using CentOS 5.7.

Cheers

Luisa
