Re: Someone hacked my apache2 server

On 4/3/2010 8:55 PM, Gil Vidals wrote:
> Oleg,
>
> What kind of web application firewall (WAF) are you running on your web
> servers? If the answer is "none", then you will have many problems with
> malware and hackers.  You must have proper security. Google
> "mod_security" or hire a web security guy to take care of your servers
> for you.

Excuse me?
Props for the blatant plug but why would you ever say that a firewall is //absolutely// needed? By all counts, any modern machine should be Deny-By-Default, and security is something that must be implemented along the application's terms.

What it appears here is that someone took advantage of a buffer overflow somewhere.

What needs to be asked are:
a) What OS is this running:
[ ] Windows [ ] Linux [ ] OSX/Darwin [ ] *BSD
b) What services are running:
[x] httpd - apache
[x] sshd  - Tell me it's OpenSSH v2+...
[ ] ftpd  - If so, which one?
[ ] mail
[ ] other
c) What was this server running?
A corporate Intranet? Wordpress? Nothing in particular?

As for the content of the data, it looks like it's Big5 encoded... Possibly a message from someone?
Most common values are:
0xD0 0x20 0x95 0xD1 0xE2

Definitely looks big5 encoded, however I don't know for sure.

In any direction, I'd look into at one point installing Tripwire -- And a good backup system if you don't have one already (can YOU degauss your main disk?)
--
Morgan Gangwere

>> Why?
> Because it breaks the logical flow of conversation, plus makes messages unreadable.
>>> Top-Posting is evil.
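
One way to test an encoding guess like the one in the message above against the raw bytes, as an added example that is not part of the original message: it counts the most frequent byte values and reports where a strict decode under each candidate encoding first fails. The sample inputs and all function names are constructed for illustration.

```python
from collections import Counter

# Multi-byte encodings with a strict structure. Single-byte codecs such as
# cp1251 or latin-1 accept almost any byte string, so a clean decode under
# them proves nothing; they are left out of the default candidates.
CANDIDATES = ("utf-8", "big5")

# Constructed sample inputs (not data from the thread).
SAMPLE_UTF8 = "Привет, мир".encode("utf-8")
SAMPLE_BIG5 = "中文測試".encode("big5")


def top_bytes(data: bytes, n: int = 5):
    """Return the n most frequent byte values as (value, count) pairs."""
    return Counter(data).most_common(n)


def first_bad_offset(data: bytes, encoding: str):
    """Offset of the first byte a strict decode rejects, or None if clean."""
    try:
        data.decode(encoding, errors="strict")
    except UnicodeDecodeError as exc:
        return exc.start
    return None


def triage(data: bytes, candidates=CANDIDATES):
    """Map each candidate encoding to its first invalid offset (None = valid)."""
    return {enc: first_bad_offset(data, enc) for enc in candidates}


if __name__ == "__main__":
    for name, blob in (("utf8 sample", SAMPLE_UTF8), ("big5 sample", SAMPLE_BIG5)):
        common = " ".join(f"0x{b:02X}" for b, _ in top_bytes(blob))
        print(f"{name}: most common bytes: {common}")
        for enc, bad in triage(blob).items():
            verdict = "valid" if bad is None else f"invalid at offset {bad}"
            print(f"  {enc}: {verdict}")
```

A clean strict decode only says the bytes are structurally valid for that encoding; whether the decoded text is meaningful still needs a human read.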

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.