I think it depends on how the scripts are being written there. From what I know, and I could be wrong, you would need to be running something on the server that would be giving the attacker some method of exploiting things. Whether this be some kind of control panel, or something. From my knowledge, and as I said, I again could be wrong, just plain static HTML pages wouldn't give the attacker the ability to write to the filesystem. It's usually in combination with a system running PHP and/or some kind of CGI script.

If you want to stop them dead, uninstall Perl and remove mod_cgi from Apache if it's installed. The .pl files require Perl to run. If you don't have it on the system, they simply won't run. But neither will anything else that uses Perl.

I wish I had some answers for you. I know how stressful these things can be.

Thanks,
Bill

-----Original Message-----
From: Farmer J [mailto:hackersreallysuck@xxxxxxxxx]
Sent: Tuesday, September 27, 2005 11:05 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Machine compromised via apache 2.0.54... I think.

We don't run PHP on this machine. There must be a way at the Web server level to prohibit it from writing scripts to the filesystem and then executing them. Right??

On 9/27/05, Station51 Donations <donations@xxxxxxxxxxxxx> wrote:
> Hello,
>
> We discovered this problem on our own server quite some time ago. It was
> linked to a problem with the forum software, phpBB. If you or anyone on the
> server (customers etc) are running it, they should be advised to upgrade to
> the latest versions. This also goes for any *Nuke software such as postnuke
> and other content management systems. They're spaghetti coded and often have a
> lot of security problems. Our servers are now forbidding clients to install
> any nuke CMSes as well as install phpBB because we feel it's simply not worth
> the risk of our entire customer base.
>
> Someone here probably has more technical documentation about the specific
> phpBB/webalizer bug I'm referring to.
>
> Thanks,
> Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx