> Date: Fri, 13 Jan 2012 15:32:55 -0500
> To: users@xxxxxxxxxxxxxxxx
> From: stormy22@xxxxxxxxx
> Subject: Re: attack on apache - solved -
>
> At 04:48 PM 1/13/2012 -0300, you wrote:
> >Thanks a lot to everyone who helped me to solve the problem.
> >I had installed phpmyadmin and they used it to attack my server.
> >I found this in /var/log/httpd/access_log
>
> Was your compile of apache2 "prefork" or "worker"? And could you be a
> little more explicit with what you found in your logs (without compromising
> security?)
>
> I'm interested because I have a "worker" compile of 2.2.17 that I will
> shortly be changing either to FastCGI or prefork, because of php that
> requires libapache2-mod-php5, which in turn depends on apache2-mpm-prefork
> (> 2.0.52) and apache2-mpm-itk.
>
> tnx - paul
>

My apache is compiled with prefork. My phpmyadmin must be used only from my internal network with user and passwd (I thought this). When I was looking at my access_log I saw that it was being used from an external IP. The messages in my logfile are:

xx.xxx.xx.xx "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 14049 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"

xx.xxx.xxx.xx "POST /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 - "http://xxx.xx.xx.xx/admin/phpmyadmin/scripts/setup.php\r" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"

Now I just remove some permissions until I find a real solution. I am using CentOS 5.7.

Cheers
Luisa

> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.