RE: Possible virus via httpd server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Following your suggestion, I made use of my daily backups to install
the httpd.conf from two days ago, when all was well. The problem was
the same.  I tried sublitting a file to sophos, but I would have to
join, and I am not ready for that.  See also my next email.

Still heading toward DBAN.

Thanks,
Mike.

--
Michael D. Berger
m.d.berger@xxxxxxxx
http://www.rosemike.net/
  

> -----Original Message-----
> From: Keith Roberts [mailto:keith.roberts@xxxxxxxxxxxx] 
> Sent: Monday, January 04, 2016 11:25
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Possible virus via httpd server
> 
> Hi Mike.
> 
> You might like to send this to sophos for analysis:
> 
> https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
> 
> As index.html is the default page if nothing else is 
> configured, has your httpd.conf file been modified to server 
> this binary file instead of index.html?
> 
> HTH,
> 
> Keith Roberts
> 
> On 4 Jan 2016, at 16:18, Michael D. Berger 
> <m.d.berger@xxxxxxxx> wrote:
> 
> > Warning: This message contains unverified links which may 
> not be safe.  You should only click links if you are sure 
> they are from a trusted source.
> > Examining with Lemmy (A Windows version of VI), it looks 
> like a binary file.
> > Size is 181.4 KB.
> > I am considering my favorite virus remover: DBAN, but it would take 
> > several days work to recover from that.
> > 
> > Mike.
> > --
> > Michael D. Berger
> > m.d.berger@xxxxxxxx
> > http://www.rosemike.net/
> > 
> > 
> >> -----Original Message-----
> >> From: Daniel Beardsmore [mailto:daniel@xxxxxxxxxxxxxxxxxxx]
> >> Sent: Monday, January 04, 2016 05:03
> >> To: users@xxxxxxxxxxxxxxxx
> >> Subject: RE:  Possible virus via httpd server
> >> 
> >> Well, what do you see if you examine the file in a text editor?
> >> 
> >>> -----Original Message-----
> >>> From: Michael D. Berger [mailto:m.d.berger@xxxxxxxx]
> >>> Sent: 04 January 2016 05:03
> >>> To: Apache-Users
> >>> Subject:  Possible virus via httpd server
> >>> 
> >>> Using my WinXP Firefox client to access my previously 
> working httpd
> >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my 
> >>> index.html .  Do you think I have a virus on my Linux box?  I did 
> >>> notice that my iptables is not as tight as it should be.
> >>> 
> >>> --
> >>> Michael D. Berger
> >>> m.d.berger@xxxxxxxx
> >>> http://www.rosemike.net/
> >>> 
> >>> 
> >>> 
> >>> 
> >> 
> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>> 
> >>> 
> >> 
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >> 
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux