Re: [users@httpd] Please help... apache hacked?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Morgan Gangwere wrote:
> On 7/15/06, Ricardo Kleemann <ricardo@xxxxxxxxxxxxxxx> wrote:
>> Thanks Max.
>>
>> > A first look shows that the script "bots.txt" currently available
>> targets
>> > vulnerable installation of "Joomla" and "Mambo". There are some
>> > vulnerabilities reported for the included phpBB and an extension called
>> > perForms.
>>

<snip>

> 
> does ANYBODY even know what bots.txt even DOES?

Clearly not you.

> bots.txt should look like this:
> 
> accept all
> reject altaVista
> 
> look at virussin.com/bots.txt to see what it SHOULD do... its for
> SEARCH EINGINES. the bot grabs it, looks at it, and it its on the
> white list of eingines, it caches the site, if its on the blacklist
> (reject), it sulks away into a corner...

Don't confuse the widely known "robots.txt" file, which is the main
component of the Web Robots Exclusion Standard, with a file that happens
to be called "bots.txt"

A cursory examination of this particular "bots.txt" file seems to
indicate that it creates an IRC server.


Ricardo:

If this server is hosted for you, contact your host and inform them that
the machine is probably compromised.  They'll probably know what to do.


If, instead, you operate the machine, then take it off the internet and
backup any data you need from it, using a local network connection only.
 You will need to scan this data separately, to ensure it doesn't
contain any hostile code.

There are ways of disinfecting a server, but if you're not confident
about your server management skills, the safest way is to format the
disk and start again.

Install a fresh OS, and before you put it on the internet look up and
install: IPTables and an AntiVirus package (ClamAV?).

It's a good opportunity to install up-to-date versions of all your apps,
and ensure that you don't have out-of-date software on your machine.


Good luck.

p








---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux