Was the index.html file modified in anyway? Did it call the executable? Any rewrites or any other files added to the path index.html resided?
Sent from my iPhone
It was not overwritten. If you looked on the server, it
was just fine.
But an executable was delivered instead. In any case, it
is gone
with the wind -- DBAN is now running on the server.
Hopefully,
the reinstallation will work better.
Mike.
Hmmm, index. Html is just default page??? Strange that that
it got overwritten by some executable
--
Dino Buljubasic
--
Dino Buljubasic
Cell 604 441 3560
Please pardon my brevity - sent from my mobile device. Please
excuse any typos.
On Jan 4, 2016 12:38, "Michael D. Berger" < m.d.berger@xxxxxxxx> wrote:
Following your suggestion, I made use of my daily backups
to install
the httpd.conf from two days ago, when all was well. The
problem was
the same. I tried sublitting a file to sophos, but I
would have to
join, and I am not ready for that. See also my next
email.
Still heading toward
DBAN.
Thanks,
Mike.
--
Michael D. Berger
m.d.berger@xxxxxxxx
http://www.rosemike.net/
> -----Original
Message-----
> From: Keith Roberts [mailto:keith.roberts@xxxxxxxxxxxx]
>
Sent: Monday, January 04, 2016 11:25
> To: users@xxxxxxxxxxxxxxxx
>
Subject: Re: Possible virus via httpd server
>
>
Hi Mike.
>
> You might like to send this to sophos for
analysis:
>
> https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
>
>
As index.html is the default page if nothing else is
> configured, has
your httpd.conf file been modified to server
> this binary file
instead of index.html?
>
> HTH,
>
> Keith
Roberts
>
> On 4 Jan 2016, at 16:18, Michael D. Berger
>
<m.d.berger@xxxxxxxx>
wrote:
>
> > Warning: This message contains unverified links
which may
> not be safe. You should only click links if you are
sure
> they are from a trusted source.
> > Examining with
Lemmy (A Windows version of VI), it looks
> like a binary
file.
> > Size is 181.4 KB.
> > I am considering my
favorite virus remover: DBAN, but it would take
> > several days
work to recover from that.
> >
> > Mike.
> >
--
> > Michael D. Berger
> > m.d.berger@xxxxxxxx
> > http://www.rosemike.net/
> >
> >
>
>> -----Original Message-----
> >> From: Daniel Beardsmore
[mailto:daniel@xxxxxxxxxxxxxxxxxxx]
>
>> Sent: Monday, January 04, 2016 05:03
> >> To: users@xxxxxxxxxxxxxxxx
>
>> Subject: RE: Possible virus via httpd server
>
>>
> >> Well, what do you see if you examine the file in a
text editor?
> >>
> >>> -----Original
Message-----
> >>> From: Michael D. Berger [mailto:m.d.berger@xxxxxxxx]
>
>>> Sent: 04 January 2016 05:03
> >>> To:
Apache-Users
> >>> Subject: Possible virus via
httpd server
> >>>
> >>> Using my WinXP
Firefox client to access my previously
> working httpd
>
>>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of
my
> >>> index.html . Do you think I have a virus on my
Linux box? I did
> >>> notice that my iptables is not
as tight as it should be.
> >>>
> >>>
--
> >>> Michael D. Berger
> >>> m.d.berger@xxxxxxxx
>
>>> http://www.rosemike.net/
> >>>
>
>>>
> >>>
> >>>
>
>>
>
---------------------------------------------------------------------
>
>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>>>
> >>>
> >>
>
---------------------------------------------------------------------
>
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>>
> >
> >
> >
>
---------------------------------------------------------------------
>
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
>
>
---------------------------------------------------------------------
>
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
---------------------------------------------------------------------
To
unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For
additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|
