Problem solved, and it was not a virus. I have a complex
cgi writen in C++.
While DBAN was running, it occured to me that the binary file
I was getting
was around the same size as my cgi binary. After the
reinstallation, diff
informed that it was in fact the cgi I was getting, the
notwithstanding the
peculiar names. I reread the cgi documentation and
spent some time
trying variations in my config. I then decided to
take a look at 01-cgi.conf,
which is included in httpd.conf . There I read that what it
did depended on
the results of 00-mpm.config . I immediately (after wasting
2-3 days)
suspected an order problem in the includes, and sure enough,
they were
out of order, which I corrected in under one minute. It
now works with
no problem.
Thanks for your efforts and interest.
Mike.
Interesting....let us know what you find.
Sent from my
iPhone
I don't think index.html was changed, but I only took a
quick look.
I have it backed up in a tgz file, so when the Linux box
comes back up
(maybe tomorrow), I'll take a closer
look
It is also possible that there was something wrong with
httpd.config .
It is quite complex, with numerous RewriteRule, etc.
However, even
when I commented out ALL the virtual hosts, the
problem persisted.
But if I left a simple vhost and put a RewiteRule that
(for reasons that I don't
know) it didn't like, then it returned a failure.
When I put it back together,
I'll build up httpd.config slowly.
Thanks,
Mike.
Was the index.html file modified in anyway? Did it call the
executable? Any rewrites or any other files added to the path
index.html resided?
Sent from my iPhone
It was not overwritten. If you
looked on the server, it was just fine.
But an executable was delivered
instead. In any case, it is gone
with the wind -- DBAN is now running on
the server. Hopefully,
the reinstallation will work
better.
Mike.
Hmmm, index. Html is just default page??? Strange
that that it got overwritten by some executable
-- Dino Buljubasic
-- Dino Buljubasic Cell 604 441 3560
Please pardon my brevity - sent from my mobile
device. Please excuse any typos.
On Jan 4, 2016 12:38, "Michael D. Berger"
< m.d.berger@xxxxxxxx>
wrote:
Following your suggestion, I made use of my daily
backups to install the httpd.conf from two days ago, when all was
well. The problem was the same. I tried sublitting a file
to sophos, but I would have to join, and I am not ready for
that. See also my next email.
Still heading toward
DBAN.
Thanks, Mike.
-- Michael D. Berger m.d.berger@xxxxxxxx http://www.rosemike.net/
>
-----Original Message----- > From: Keith Roberts [mailto:keith.roberts@xxxxxxxxxxxx] >
Sent: Monday, January 04, 2016 11:25 > To: users@xxxxxxxxxxxxxxxx >
Subject: Re: Possible virus via httpd
server > > Hi Mike. > > You might like to
send this to sophos for analysis: > > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx > >
As index.html is the default page if nothing else is >
configured, has your httpd.conf file been modified to server >
this binary file instead of index.html? > >
HTH, > > Keith Roberts > > On 4 Jan 2016, at
16:18, Michael D. Berger > <m.d.berger@xxxxxxxx>
wrote: > > > Warning: This message contains
unverified links which may > not be safe. You should
only click links if you are sure > they are from a trusted
source. > > Examining with Lemmy (A Windows version of VI),
it looks > like a binary file. > > Size is 181.4
KB. > > I am considering my favorite virus remover: DBAN,
but it would take > > several days work to recover from
that. > > > > Mike. > > -- > >
Michael D. Berger > > m.d.berger@xxxxxxxx >
> http://www.rosemike.net/ > > >
> > >> -----Original Message----- > >>
From: Daniel Beardsmore [mailto:daniel@xxxxxxxxxxxxxxxxxxx] >
>> Sent: Monday, January 04, 2016 05:03 > >> To:
users@xxxxxxxxxxxxxxxx >
>> Subject: RE: Possible virus via httpd
server > >> > >> Well, what do you see if
you examine the file in a text editor? > >> >
>>> -----Original Message----- > >>> From:
Michael D. Berger [mailto:m.d.berger@xxxxxxxx] >
>>> Sent: 04 January 2016 05:03 > >>> To:
Apache-Users > >>> Subject: Possible
virus via httpd server > >>> > >>>
Using my WinXP Firefox client to access my previously >
working httpd > >>> 2.4 server on Fedora 23 gets a
file named 1OfvyQ5L instead of my > >>> index.html
. Do you think I have a virus on my Linux box? I
did > >>> notice that my iptables is not as tight as
it should be. > >>> > >>> -- >
>>> Michael D. Berger > >>> m.d.berger@xxxxxxxx >
>>> http://www.rosemike.net/ >
>>> > >>> > >>> >
>>> > >> >
--------------------------------------------------------------------- >
>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >
>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >
>>> > >>> > >> >
--------------------------------------------------------------------- >
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >
>> > > > > > > >
--------------------------------------------------------------------- >
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >
> > > >
--------------------------------------------------------------------- >
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >
--------------------------------------------------------------------- To
unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For
additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|