Re: Signs of Apache Web Server been hacked

There is a bunch of PHP scripts on the server. Not sure how to inspect and find out the hijacked piece. I would appreciate any suggestion(s).


On Sun, Nov 10, 2013 at 6:55 PM, Nick Kew <nick@xxxxxxxxxxxx> wrote:

On 11 Nov 2013, at 00:15, Rizwan Raza wrote:

> Notice the last two listings. What does that mean? Is my Apache instance hacked?

Maybe.

The most likely origin of a shell from apache is from a script.
That could be a vulnerable script that's got hijacked, or a script
that intentionally runs a shell.  Processes hanging around
could mean a script that didn't run&exit cleanly (and should
be fixed).

Take a long hard look at your scripts, and look for any clues
in your error log.

--
Nick Kew
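
One way to start the script review suggested above, as an added example that is not part of the original thread: it lists PHP calls that start a shell and marks the ones that take request data on the same line. The function list, the sample and all names are assumptions of this example, and each hit is a lead for manual review, not proof of compromise.

```python
import re
import sys
from pathlib import Path

# PHP built-ins that start a shell or child process under the Apache user.
SHELL_FUNCS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open")
# The look-behind skips method calls ($db->exec, Foo::exec) and longer names
# such as curl_exec, none of which start a shell.
CALL_RE = re.compile(r"(?<![\w$>:])(%s)\s*\(" % "|".join(SHELL_FUNCS), re.I)
# Request data reaching the call on the same line.
INPUT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")

def scan_php(source):
    """Return (line_no, function, takes_request_input) for each shell call."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # comment line
        for m in CALL_RE.finditer(line):
            tainted = bool(INPUT_RE.search(line, m.end()))
            hits.append((no, m.group(1).lower(), tainted))
    return hits

def scan_tree(root):
    """Scan every .php file under root; request-fed calls are listed first."""
    found = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        found += [(str(path), no, fn, t) for no, fn, t in scan_php(text)]
    return sorted(found, key=lambda row: not row[3])

# Constructed sample, not taken from the thread.
SAMPLE = """<?php
// status page
$load = shell_exec('/usr/bin/uptime');
$db->exec('DELETE FROM cache');
curl_exec($ch);
system("ping -c 1 " . $_POST['host']);
"""

if __name__ == "__main__":
    rows = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else [
        ("<sample>", *hit) for hit in scan_php(SAMPLE)]
    for path, no, fn, tainted in rows:
        note = "request input on the same line" if tainted else "review by hand"
        print(f"{path}:{no}: {fn}()  {note}")
```

Run it with the document root as the only argument. A call whose argument was assigned from request data on an earlier line is still listed, but without the request-input mark.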