Re: attack on apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On 12/01/12 00:14, Jeroen Geilman wrote:
On 01/11/2012 10:10 PM, Jaco Kroon wrote:
On 11/01/12 22:37, Luisa Ester Navarro wrote:


J. 
Thanks Jeron:
            any idea how to start researching which is the leaky script
Cheers
Luisa
Hehe, this is where they say, RTFS, or as Jeron suggested, see if you can correlate something in the logs.  If apache is still running and you happen to have mod_info, it's useful as it at least gives you the paths being processed, often the "child script" will hold up the processing and you can then spot the script in use in the mod_info data, in other cases, it's a wild goose chase.

I think you are referring to the server-status handler provided by mod_status, which shows the URIs currently being served if you set the gloabl option ExtendedStatus to On.
Of course you right - my mistake.

Kind Regards,
Jaco
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux