Re: Someone hacked my apache2 server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:

> Hello all,
> It looks like someone hacked my apache2 server and I am trying to understand how this could have happened.
> This is what happened:

Yep, someone's been there.  Take it off the 'net, if you haven't already!
And get someone competent to look: anyone on a list like this
can only speculate!

First question, who has non-WWW access, particularly a shell?
If the offending files are owned by a user other than the webserver,
it's not likely to have happened through the server.  And if that's
happened, you may want to reinstall the server starting with a clean
operating system install.

If it did happen through the server, what apps let you upload contents?
The usual suspect in cases like this is some shoddy PHP app.  You might also
want to fire the admin who left contents space writable by the web user!

-- 
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux