Your biggest priority firstly should be to lock down this system. Is the firewall on? Have you disabled unrequired services? Are your file permissions set to give access to the wrong people? Once that is done then I would suggest a reformat. Sounds extreme but it is. It is quite hard for you to really know exactly what the intruder got into or what they left behind. They may have left scripts or other nasties behind that they can use to gain access later.
Chris

H. Carter Harris said the following:
How would one go about finding out how this system was compromised and how to fix it. I had two other sites that were damaged too.

-----Original Message-----
From: H. Carter Harris [mailto:carter-lists@xxxxxxxxxxxxx]
Sent: Thursday, May 12, 2005 2:01 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Problem moving websites

It appears that you are correct ... thank you. v 2.0.48

-----Original Message-----
From: Aman Raheja [mailto:araheja@xxxxxxxxxxxxxx]
Sent: Thursday, May 12, 2005 1:14 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Problem moving websites

It is always appreciated to know what apache version you are running and on what platform. As far as this message - it looks more like an intruder got in the box and put up this page, unless it is your default page. Check the index file in your htdocs - it could be compromised system situation.

Thanks
Aman Raheja

H. Carter Harris wrote:

I'm trying to move some websites from one host to another. I thought I had the hosts setup the same but when I try to view the site on the new host I get the following message:

core-project owned your b0x.. SAVE YOUR BOX....

This sounds horrible. I've checked vhosts.conf, permissions, etc but I'm not seeing my error. I've googled for the message but nothing there helped. I get the same message when I go to the ip address. Any help would be appreciated.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
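A triage pass over the web root along the lines the replies suggest (check the index file, check file permissions, look for left-behind scripts), as an added example that is not part of the original thread. The `htdocs` default path, the function name `triage_docroot` and the seven-day window are assumptions; the marker string is the one quoted in the original question.

```python
import os
import stat
import time

# Marker text quoted in the thread; extend with other strings as needed.
MARKERS = [b"owned your b0x"]

def triage_docroot(root, recent_days=7, now=None):
    """Walk a web root and return findings as {category: [paths]}."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = {"marker": [], "world_writable": [], "recent": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip
            if stat.S_ISLNK(st.st_mode):
                continue  # do not follow or judge symlinks
            if st.st_mode & stat.S_IWOTH:
                findings["world_writable"].append(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # directories get the permission check only
            if st.st_mtime >= cutoff:
                findings["recent"].append(path)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1024 * 1024)  # first 1 MiB covers a page
            except OSError:
                continue
            lowered = data.lower()
            if any(m.lower() in lowered for m in MARKERS):
                findings["marker"].append(path)
    return findings

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "htdocs"  # assumed path
    for category, paths in triage_docroot(root).items():
        for p in sorted(paths):
            print(f"{category}\t{p}")
```

Modification times can be reset by whoever had access, so an empty result narrows the search but does not show the host is clean.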