Re: attack on apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: attack on apache
From: Jeroen Geilman <jeroen@xxxxxxxxx>
Date: Wed, 11 Jan 2012 21:13:53 +0100
In-reply-to: <4F0DECCA.1040205@uls.co.za>
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111125 Thunderbird/3.1.16 ThunderBrowse/3.3.5

On 01/11/2012 09:10 PM, Jaco Kroon wrote:

On 11/01/12 21:35, Jeroen Geilman wrote:

In /var/log/httpd/error_log I see hink like this
sh: del comand no found
sh: xx Permission denied

I need help !

1. Stop apache.
2. investigate which leaky, creaky or lousy PHP script allowed this exploit.
3. remove the bad script.

4. Remount /tmp with noexec,nosuid,nodev to prevent the majority of these types of exploits.

Surely you noticed that I did not advise him to turn it back on - at all ? ;)
But yes, distros that don't protect /tmp suck.

-- 
J.

Follow-Ups:
- RE: attack on apache
  - From: Luisa Ester Navarro

References:
- attack on apache
  - From: Luisa Ester Navarro
- Re: attack on apache
  - From: Simone Caruso
- FW: attack on apache
  - From: Luisa Ester Navarro
- Re: FW: attack on apache
  - From: Tom Evans
- RE: attack on apache
  - From: Luisa Ester Navarro
- Re: attack on apache
  - From: Jeroen Geilman
- Re: attack on apache
  - From: Jaco Kroon

Prev by Date: Re: attack on apache
Next by Date: RE: attack on apache
Previous by thread: Re: attack on apache
Next by thread: RE: attack on apache
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]