httpd-users mailing list archives

From "Michael D. Wood" <m...@itsecuritypros.org>
Subject Re: [users@httpd] Possible virus via httpd server
Date Tue, 05 Jan 2016 01:27:08 GMT
Was the index.html file modified in any way?  Did it call the executable?  Any rewrites or any
other files added to the path where index.html resided?

Sent from my iPhone

> On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.berger@ieee.org> wrote:
> 
> It was not overwritten.  If you looked on the server, it was just fine.
> But an executable was delivered instead.  In any case, it is gone
> with the wind -- DBAN is now running on the server. Hopefully,
> the reinstallation will work better.
>  
> Mike.
>  
> --
> Michael D. Berger
> m.d.berger@ieee.org
> http://www.rosemike.net/
>  
>  
> 
> From: Dino B. [mailto:mypascal2000@gmail.com] 
> Sent: Monday, January 04, 2016 19:36
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Possible virus via httpd server
> 
> Hmmm, index.html is just the default page???  Strange that it got overwritten by some
> executable
> 
> --
> Dino Buljubasic
> Cell 604 441 3560
> 
> Please pardon my brevity - sent from my mobile device.  Please excuse any typos.
> 
>> On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.berger@ieee.org> wrote:
>> Following your suggestion, I made use of my daily backups to install
>> the httpd.conf from two days ago, when all was well. The problem was
>> the same.  I tried submitting a file to Sophos, but I would have to
>> join, and I am not ready for that.  See also my next email.
>> 
>> Still heading toward DBAN.
>> 
>> Thanks,
>> Mike.
>> 
>> --
>> Michael D. Berger
>> m.d.berger@ieee.org
>> http://www.rosemike.net/
>> 
>> 
>> > -----Original Message-----
>> > From: Keith Roberts [mailto:keith.roberts@ecric.nhs.uk]
>> > Sent: Monday, January 04, 2016 11:25
>> > To: users@httpd.apache.org
>> > Subject: Re: [users@httpd] Possible virus via httpd server
>> >
>> > Hi Mike.
>> >
>> > You might like to send this to sophos for analysis:
>> >
>> > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
>> >
>> > As index.html is the default page if nothing else is
>> > configured, has your httpd.conf file been modified to serve
>> > this binary file instead of index.html?
>> >
>> > HTH,
>> >
>> > Keith Roberts
>> >
>> > On 4 Jan 2016, at 16:18, Michael D. Berger
>> > <m.d.berger@ieee.org> wrote:
>> >
>> > > Examining with Lemmy (A Windows version of VI), it looks
>> > > like a binary file.
>> > > Size is 181.4 KB.
>> > > I am considering my favorite virus remover: DBAN, but it would take
>> > > several days work to recover from that.
>> > >
>> > > Mike.
>> > > --
>> > > Michael D. Berger
>> > > m.d.berger@ieee.org
>> > > http://www.rosemike.net/
>> > >
>> > >
>> > >> -----Original Message-----
>> > >> From: Daniel Beardsmore [mailto:daniel@trustnetworks.co.uk]
>> > >> Sent: Monday, January 04, 2016 05:03
>> > >> To: users@httpd.apache.org
>> > >> Subject: RE: [users@httpd] Possible virus via httpd server
>> > >>
>> > >> Well, what do you see if you examine the file in a text editor?
>> > >>
>> > >>> -----Original Message-----
>> > >>> From: Michael D. Berger [mailto:m.d.berger@ieee.org]
>> > >>> Sent: 04 January 2016 05:03
>> > >>> To: Apache-Users
>> > >>> Subject: [users@httpd] Possible virus via httpd server
>> > >>>
>> > >>> Using my WinXP Firefox client to access my previously working httpd
>> > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my
>> > >>> index.html .  Do you think I have a virus on my Linux box?  I did
>> > >>> notice that my iptables is not as tight as it should be.
>> > >>>
>> > >>> --
>> > >>> Michael D. Berger
>> > >>> m.d.berger@ieee.org
>> > >>> http://www.rosemike.net/
>> > >>>
>> > >>>
>> > >>>
>> > >>>
>> > >>
>> > ---------------------------------------------------------------------
>> > >>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> > >>> For additional commands, e-mail: users-help@httpd.apache.org

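The questions asked at the top of this thread (was index.html modified, were files added beside it, are there rewrites) can be checked mechanically. The following is an added example, not code from any poster in the thread: it compares a document root against hashes from a known-good backup and lists `.htaccess` directives that can change what a request for `/` returns. The baseline map, the directive list and the file names in `demo()` are assumptions constructed for illustration.

```python
import hashlib, os, re, tempfile

# Directives that can change what a request for "/" returns while index.html stays intact.
SUSPECT = re.compile(
    r"^\s*(DirectoryIndex|Rewrite(?:Engine|Cond|Rule)|Redirect(?:Match)?|"
    r"Alias(?:Match)?|ErrorDocument|SetHandler|AddHandler|ForceType|Header)\b",
    re.IGNORECASE)

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def scan_directives(path):
    """Return (line_no, text) for every non-comment line that starts with a suspect directive."""
    with open(path, errors="replace") as fh:
        return [(n, line.strip()) for n, line in enumerate(fh, 1) if SUSPECT.match(line)]

def triage(docroot, baseline):
    """baseline maps relative path -> sha256 taken from a known-good backup (assumed available)."""
    report = {"changed": [], "added": [], "directives": []}
    for root, _dirs, files in os.walk(docroot):
        for name in sorted(files):
            full = os.path.join(root, name)
            rel = os.path.relpath(full, docroot)
            if rel not in baseline:
                report["added"].append(rel)        # file that the backup never had
            elif sha256(full) != baseline[rel]:
                report["changed"].append(rel)      # same name, different content
            if name == ".htaccess":
                report["directives"] += [(rel, n, t) for n, t in scan_directives(full)]
    return report

def demo():
    """Constructed docroot: index.html matches the backup, two files were added next to it."""
    with tempfile.TemporaryDirectory() as docroot:
        def put(name, data):
            with open(os.path.join(docroot, name), "wb") as fh:
                fh.write(data)
        put("index.html", b"<html>hello</html>\n")
        baseline = {"index.html": sha256(os.path.join(docroot, "index.html"))}
        put("unexpected.bin", b"\x00\x01 constructed placeholder bytes")
        put(".htaccess", b"# constructed sample\nDirectoryIndex unexpected.bin\n")
        return triage(docroot, baseline)

if __name__ == "__main__":
    for key, values in demo().items():
        print(key, values)
```

`scan_directives()` can also be pointed at httpd.conf and any included files; a clean result there and in the document root moves suspicion to loaded modules or the host itself.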