httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael D. Berger" <m.d.ber...@ieee.org>
Subject RE: [users@httpd] Possible virus via httpd server
Date Mon, 04 Jan 2016 20:38:05 GMT
Following your suggestion, I made use of my daily backups to install
the httpd.conf from two days ago, when all was well. The problem was
the same.  I tried sublitting a file to sophos, but I would have to
join, and I am not ready for that.  See also my next email.

Still heading toward DBAN.

Thanks,
Mike.

--
Michael D. Berger
m.d.berger@ieee.org
http://www.rosemike.net/
  

> -----Original Message-----
> From: Keith Roberts [mailto:keith.roberts@ecric.nhs.uk] 
> Sent: Monday, January 04, 2016 11:25
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Possible virus via httpd server
> 
> Hi Mike.
> 
> You might like to send this to sophos for analysis:
> 
> https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
> 
> As index.html is the default page if nothing else is 
> configured, has your httpd.conf file been modified to server 
> this binary file instead of index.html?
> 
> HTH,
> 
> Keith Roberts
> 
> On 4 Jan 2016, at 16:18, Michael D. Berger 
> <m.d.berger@ieee.org> wrote:
> 
> > Warning: This message contains unverified links which may 
> not be safe.  You should only click links if you are sure 
> they are from a trusted source.
> > Examining with Lemmy (A Windows version of VI), it looks 
> like a binary file.
> > Size is 181.4 KB.
> > I am considering my favorite virus remover: DBAN, but it would take 
> > several days work to recover from that.
> > 
> > Mike.
> > --
> > Michael D. Berger
> > m.d.berger@ieee.org
> > http://www.rosemike.net/
> > 
> > 
> >> -----Original Message-----
> >> From: Daniel Beardsmore [mailto:daniel@trustnetworks.co.uk]
> >> Sent: Monday, January 04, 2016 05:03
> >> To: users@httpd.apache.org
> >> Subject: RE: [users@httpd] Possible virus via httpd server
> >> 
> >> Well, what do you see if you examine the file in a text editor?
> >> 
> >>> -----Original Message-----
> >>> From: Michael D. Berger [mailto:m.d.berger@ieee.org]
> >>> Sent: 04 January 2016 05:03
> >>> To: Apache-Users
> >>> Subject: [users@httpd] Possible virus via httpd server
> >>> 
> >>> Using my WinXP Firefox client to access my previously 
> working httpd
> >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my 
> >>> index.html .  Do you think I have a virus on my Linux box?  I did 
> >>> notice that my iptables is not as tight as it should be.
> >>> 
> >>> --
> >>> Michael D. Berger
> >>> m.d.berger@ieee.org
> >>> http://www.rosemike.net/
> >>> 
> >>> 
> >>> 
> >>> 
> >> 
> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>> For additional commands, e-mail: users-help@httpd.apache.org
> >>> 
> >>> 
> >> 
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> 
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message