On 09/01/2012 16:11, Luisa Ester Navarro wrote: > My server is being attacked. I think it is from apache because I have found > commands running with the owner apache. > My httpd is on /usr/sbin and they run on /usr/local/apache/bin/httpd -DSFSL > and sh -c curl -o http .... > I don't think they exploited apache, maybe an application level bug. Are the cronjobs running as the apache user? -- Simone Caruso IT Consultant +39 349 65 90 805 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|