[users@httpd] Apache + AWSTATS = Vulnerability????

Kk, here is what I've got so far:

My system seems to be infected by some kind of trojan/worm/virus called Unix/Hacktop, which does (from what I'm seeing) some kind of scanport via ssh (22). I found some related info saying that the intruder could be using a security flaw from AWSTATS + Apache to get a valid root bash session over port 80.

Now the intruder created a few files, infected some others and is using this scanport. I stopped the scanport by blocking the output of ssh in my iptables and was able to erase some virus related files.

Now I want to know just 2 things:

First, how can I be sure that it all happened because of the awstats security flaw? Second, how could I completely remove this Unix/Hacktop from my system (Linux RedHat9 k2.4)?

PS: I know that the second question doesn't have anything to do with the httpd list at all, but if someone could plz help me, I would be really thankful! :)

Best Regards,
Anderson

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
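
One way to approach the first question, as an added example that is not part of the original post: scan the Apache access log for awstats.pl requests whose query string decodes to shell metacharacters. The log format, the sample lines and the parameter name `example_param` are assumptions constructed for the illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache common/combined log line: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumption: the flaw was abused through awstats.pl request parameters, so shell
# metacharacters or path traversal in the query string deserve a closer look.
SHELL_META = re.compile(r'[|;`$<>]|\.\./')

# Constructed sample lines (documentation addresses, placeholder parameter name).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2005:03:58:40 -0300] "GET /cgi-bin/awstats.pl?config=example.org&month=03 HTTP/1.1" 200 18211',
    '198.51.100.7 - - [10/Mar/2005:04:12:01 -0300] "GET /cgi-bin/awstats.pl?example_param=%7Cconstructed-command%7C HTTP/1.0" 200 512',
    '198.51.100.7 - - [10/Mar/2005:04:12:09 -0300] "GET /awstats/awstats.pl?example_param=%257Cconstructed%257C HTTP/1.0" 404 290',
    '203.0.113.5 - - [10/Mar/2005:04:20:00 -0300] "GET /index.html?q=a%7Cb HTTP/1.1" 200 1024',
    'truncated or malformed line',
]

def suspicious_awstats_hits(lines):
    """Return awstats.pl requests whose decoded query contains shell metacharacters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        host, when, method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("awstats.pl"):
            continue  # only the AWStats CGI is of interest here
        # Decode twice so double-encoded values (%257C -> %7C -> |) are also seen.
        query = unquote(unquote(parts.query))
        if SHELL_META.search(query):
            hits.append({"host": host, "time": when, "method": method,
                         "status": int(status), "query": query})
    return hits

if __name__ == "__main__":
    for hit in suspicious_awstats_hits(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["status"], hit["query"])
```

A hit shows that such a request was logged, not that it succeeded. Compare the hit times and status codes with the creation times of the files the intruder left behind.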


