On Thu, 03 Mar 2005 18:27:20 -0800, Rob Tanner <rtanner@xxxxxxxxxxxx> wrote:
> Hi,
>
> We have an unknown assailant twice break into our main webserver as the
> apache user (the user the web server runs as) and each time he planted
> files in /var/tmp and caused the whole system to hang (RH Linux). I
> don't know that he/she is coming in by taking advantage of an apache
> bug or not, but here is the list of what's running in the server and
> what I'm wondering is whether my problem sounds like a known issue with
> any one of these packages/versions. The hacker might, of course, be
> getting in via some entirely unrelated mechanism.
>
> Server: Apache/2.0.47 (Unix) mod_ssl/2.0.47
> OpenSSL/0.9.7a DAV/2 PHP/4.3.6 mod_jk/1.2.4

Well, you are several versions behind on some of those components and on
Apache, so upgrading would definitely be a good idea. But the most likely
source of the problem is some insecure cgi script or other script on your
system. Check all your scripts for security problems.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
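
One way to narrow down which script to check first, as an added example that is not part of the original thread: list the files in /var/tmp owned by the web server account and pull the access-log requests logged shortly before each file's modification time. The account name "apache" comes from the post; the log path (passed as the first argument), the two-minute window and the sample log lines are assumptions constructed for illustration.

```python
import os
import pwd
import re
import sys
from datetime import datetime, timedelta

# Apache common/combined log line: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:05:02 -0800] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:15:40 -0800] "POST /cgi-bin/example.cgi HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jan/2005:10:31:00 -0800] "GET /about.html HTTP/1.1" 200 2048',
]

def owned_files(directory, uid):
    """Yield (path, mtime) for entries under directory owned by uid."""
    for root, _dirs, names in os.walk(directory):
        for name in names:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: never follow a planted symlink
            if st.st_uid == uid:
                # mtime can be reset by the file's owner; treat it as a lead, not proof
                yield path, datetime.fromtimestamp(st.st_mtime).astimezone()

def requests_near(log_lines, when, window=timedelta(minutes=2)):
    """Return (time, client, method, path, status) for requests in the window before `when`."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common/combined format
        client, stamp, method, path, status = m.groups()
        t = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if timedelta(0) <= when - t <= window:
            hits.append((t, client, method, path, status))
    return hits

if __name__ == "__main__":
    # Assumptions: web server account is named "apache"; access log path is argv[1].
    uid = pwd.getpwnam("apache").pw_uid
    with open(sys.argv[1], errors="replace") as fh:
        log = fh.readlines()
    for path, mtime in owned_files("/var/tmp", uid):
        print(path, mtime.isoformat())
        for hit in requests_near(log, mtime):
            print("   ", hit[0].isoformat(), *hit[1:])
```

Requests to scripts that show up repeatedly just before planted files appear are the ones to review first; static pages in the same window can usually be set aside.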