tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Attacks in Apache servers
Date Thu, 02 May 2013 11:42:34 GMT

On 02/05/2013 12:29, Jess Holle wrote:
> http://blogs.cisco.com/security/linuxcdorked-faqs/ claims this is not a
> cPanel vulnerability per se...

To quote the relevant part of that article:

<quote>
How are attackers gaining access to the host servers?
How the attackers are gaining root access to begin with is a separate
matter, still unresolved. Attackers may have stolen login credentials
via phishing, or via a localized infection on a management system, or
simply by brute-force guessing the login.
</quote>

httpd is simply the vehicle the attackers are using to run their malware
*once they already have root access*.

There is no Apache http vulnerability to see here. Move along. Move along.

Mark


> 
> On 5/2/2013 6:22 AM, Darryl Lewis wrote:
>> "Last Friday (April 26), ESET and Sucuri simultaneously blogged about the
>> discovery of Linux/Cdorked, a backdoor impacting Apache servers running
>> cPanel." -http://blogs.cisco.com/security/linuxcdorked-faqs/
>>
>> So it looks like a cPanel application vulnerability, not an Apache
>> vulnerability. The title of that first article is simply WRONG.
>> And seriously, who manages a site via cPanel? If you use cPanel, maybe
>> linux isn't a good fit for you.
>>
>>
>> On 2/05/13 7:48 PM, "Brian Burch" <brian@pingtoo.com> wrote:
>>
>>> On 02/05/13 09:32, André Warnier wrote:
>>>> M Eashwar wrote:
>>>>> Hi,
>>>>>
>>>>>     Anyone attacked with reference to below URL?
>>>>>
>>>>>
>>>>> http://efytimes.com/e1/fullnews.asp?edid=105167&ntype=mor&edate=4/29/2013
>>>>>
>>>> Never heard of "EFYtimes" before, but considering what I have been
>>>> reading lately about bots, I would advise a modicum of caution before
>>>> following this link.
>>>> (And also maybe a modicum of healthy scepticism about that news article
>>>> itself).
>>> This vulnerability applies only to apache httpd and is not relevant to
>>> tomcat.
>>>
>>> ALSO, it only applies to apache httpd when installed via a third-party
>>> automated management system that is reported to not verify the digital
>>> signature of the binary... which would be very negligent.
>>>
>>> You should always verify apache packages against the published
>>> signatures. Although linux distribution rpm and deb packages are
>>> automatically verified during installation, we strongly recommend
>>> installing packages directly from the official apache distribution
>>> servers and then verifying the signature yourself - prior to
>>> installation!
>>>
>>> Regards,
>>>
>>> Brian
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
> 
> 


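The pre-installation signature check recommended in Brian Burch's quoted reply, as an added example that is not part of the original thread: a POSIX shell function that checks a detached OpenPGP signature against a project's KEYS file using a throwaway keyring. The function name `verify_release` and the file arguments are assumptions for illustration; it requires GnuPG 2.x.

```shell
#!/bin/sh
# Added example (not from the thread). verify_release is a hypothetical name.
# Usage: verify_release ARTIFACT SIGNATURE KEYS_FILE
# Prints the fingerprint of the signing key and returns 0 only when the
# detached signature is good AND was made by a key present in KEYS_FILE.
verify_release() {
    artifact=$1 sig=$2 keys=$3
    for f in "$artifact" "$sig" "$keys"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done

    # Throwaway keyring: only keys imported from KEYS_FILE can validate the
    # signature, whatever happens to be in the operator's own ~/.gnupg.
    home=$(mktemp -d) || return 2
    chmod 700 "$home"

    # Subshell keeps GNUPGHOME from leaking into the caller's environment.
    status=$(
        GNUPGHOME=$home; export GNUPGHOME
        gpg --batch --quiet --import "$keys" >/dev/null 2>&1 &&
        gpg --batch --status-fd 1 --verify "$sig" "$artifact" 2>/dev/null
    ) || true

    gpgconf --homedir "$home" --kill all >/dev/null 2>&1 || true
    rm -rf "$home"

    # Parse the machine-readable status lines, not the human-readable text.
    # GOODSIG is not emitted for expired or revoked keys (EXPKEYSIG/REVKEYSIG),
    # so requiring it before VALIDSIG rejects those as well.
    fpr=$(printf '%s\n' "$status" |
          awk '$2=="GOODSIG"{g=1} $2=="VALIDSIG"&&g{print $3; exit}')
    if [ -z "$fpr" ]; then
        echo "NO VALID SIGNATURE from a key in $keys: $artifact" >&2
        return 1
    fi
    printf '%s\n' "$fpr"
}

# Stand-alone use: ./verify_release.sh ARTIFACT SIGNATURE KEYS_FILE
if [ "$#" -eq 3 ]; then
    verify_release "$@"
fi
```

The printed fingerprint should still be compared with one obtained from a channel other than the download server, since a KEYS file fetched from the same place as the artifact proves nothing by itself.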