Interesting....let us know what you find.
Sent from my iPhone
I don't think index.html was changed, but I only took a quick
look.
I have it backed up in a tgz file, so when the Linux box comes
back up
(maybe tomorrow), I'll take a closer look
It is also possible that there was something wrong with
httpd.config .
It is quite complex, with numerous RewriteRule, etc.
However, even
when I commented out ALL the virtual hosts, the problem
persisted.
But if I left a simple vhost and put a RewiteRule that (for
reasons that I don't
know) it didn't like, then it returned a failure. When I
put it back together,
I'll build up httpd.config slowly.
Thanks,
Mike.
Was the index.html file modified in anyway? Did it call the
executable? Any rewrites or any other files added to the path index.html
resided?
Sent from my iPhone
It was not overwritten. If you looked on the server,
it was just fine.
But an executable was delivered instead. In any
case, it is gone
with the wind -- DBAN is now running on the server.
Hopefully,
the reinstallation will work better.
Mike.
Hmmm, index. Html is just default page??? Strange that
that it got overwritten by some executable
--
Dino Buljubasic
--
Dino Buljubasic
Cell 604 441 3560
Please pardon my brevity - sent from my mobile device.
Please excuse any typos.
On Jan 4, 2016 12:38, "Michael D. Berger" < m.d.berger@xxxxxxxx> wrote:
Following your suggestion, I made use of my daily
backups to install
the httpd.conf from two days ago, when all was
well. The problem was
the same. I tried sublitting a file to
sophos, but I would have to
join, and I am not ready for that.
See also my next email.
Still heading toward
DBAN.
Thanks,
Mike.
--
Michael D. Berger
m.d.berger@xxxxxxxx
http://www.rosemike.net/
> -----Original
Message-----
> From: Keith Roberts [mailto:keith.roberts@xxxxxxxxxxxx]
>
Sent: Monday, January 04, 2016 11:25
> To: users@xxxxxxxxxxxxxxxx
>
Subject: Re: Possible virus via httpd
server
>
> Hi Mike.
>
> You might like to send
this to sophos for analysis:
>
> https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
>
>
As index.html is the default page if nothing else is
> configured,
has your httpd.conf file been modified to server
> this binary
file instead of index.html?
>
> HTH,
>
> Keith
Roberts
>
> On 4 Jan 2016, at 16:18, Michael D.
Berger
> <m.d.berger@xxxxxxxx>
wrote:
>
> > Warning: This message contains unverified
links which may
> not be safe. You should only click links
if you are sure
> they are from a trusted source.
> >
Examining with Lemmy (A Windows version of VI), it looks
> like a
binary file.
> > Size is 181.4 KB.
> > I am
considering my favorite virus remover: DBAN, but it would take
>
> several days work to recover from that.
> >
> >
Mike.
> > --
> > Michael D. Berger
> > m.d.berger@xxxxxxxx
> >
http://www.rosemike.net/
> >
>
>
> >> -----Original Message-----
> >> From:
Daniel Beardsmore [mailto:daniel@xxxxxxxxxxxxxxxxxxx]
>
>> Sent: Monday, January 04, 2016 05:03
> >> To: users@xxxxxxxxxxxxxxxx
>
>> Subject: RE: Possible virus via httpd
server
> >>
> >> Well, what do you see if you
examine the file in a text editor?
> >>
> >>>
-----Original Message-----
> >>> From: Michael D. Berger
[mailto:m.d.berger@xxxxxxxx]
>
>>> Sent: 04 January 2016 05:03
> >>> To:
Apache-Users
> >>> Subject: Possible virus
via httpd server
> >>>
> >>> Using my
WinXP Firefox client to access my previously
> working
httpd
> >>> 2.4 server on Fedora 23 gets a file named
1OfvyQ5L instead of my
> >>> index.html . Do you
think I have a virus on my Linux box? I did
> >>>
notice that my iptables is not as tight as it should be.
>
>>>
> >>> --
> >>> Michael D.
Berger
> >>> m.d.berger@xxxxxxxx
>
>>> http://www.rosemike.net/
> >>>
>
>>>
> >>>
> >>>
>
>>
>
---------------------------------------------------------------------
>
>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>>>
> >>>
> >>
>
---------------------------------------------------------------------
>
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>>
> >
> >
> >
>
---------------------------------------------------------------------
>
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
>
>
---------------------------------------------------------------------
>
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
---------------------------------------------------------------------
To
unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For
additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|
