No, I don't...

--- Muhammad Rizwan <rizwan@xxxxxxxxxxxx> wrote:

> Are you using any hosting control panel?
>
> On Tue, 2005-03-15 at 18:41, Francisco Hidalgo Solá wrote:
> > Hi, my apache web server has been hacked and they got
> > root access, this is my major concern.
> >
> > I have apache-2.0.52 and all my main pages were
> > changed to a HTML message written in WORD!!! (that for
> > sure says it was a script kiddie)
> >
> > I think they got root access since all my log
> > directory is gone and they rewrote all index.* files
> > from all my filesystem directories with their own
> > message. I've found two processes running under the user
> > "apache", they are "r0nin" and "brk".
> >
> > The "who" command shows nothing, so it seems it was
> > changed. I've found some info on the "r0nin" exploit but
> > nothing on "brk", both files are in /var/tmp. There
> > are also other files in /var/tmp, they are "dc"
> > (executable), b.tgz and edy.tgz.
> >
> > As I said before, my major concern is root access. I'm
> > almost sure they got in with an insecure PHP script,
> > but as I see it (I could be wrong), this shouldn't be
> > a major problem, that can run scripts with the
> > unprivileged account "apache" but that's all,
> > nonetheless they got root access from that
> > unprivileged account.
> >
> > Any ideas? I don't know what to do. I've read that
> > the r0nin script opens a telnet session on port 1666,
> > but this can't be the problem, since this port is
> > blocked by the firewall and they would get an
> > unprivileged telnet access anyway, right? I didn't
> > find any info about the other scripts, I still have
> > them there if you need any other info.
> >
> > Thank you very much.
> >
> > Francisco

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx