On 4/3/2010 8:55 PM, Gil Vidals wrote:
Oleg, What kind of web application firewall (WAF) are you running on your web servers? If the answer is "none", then you will have many problems with malware and hackers. You must have proper security. Google "mod_security" or hire a web security guy to take care of your servers for you.
Excuse me?Props for the blatant plug but why would you ever say that a firewall is //absolutely// needed? By all counts, any modern machine should be Deny-By-Default, and security is something that must be implemented along the application's terms.
What it appears here is that someone took advantage of a buffer overflow somewhere
What needs to be asked are: a) What OS is this running: [ ] Windows [ ] Linux [ ] OSX/Darwin [ ] *BSD b) What services are running: [x] httpd - apache [x] sshd - Tell me its OpenSSH v2+... [ ] ftpd = If so, which one? [ ] mail [ ] other c) What was this server running? A corperate Intranet? Wordpress? Nothing in particular?As for the content of the data, it looks like its Big5 encoded... Possibly a message from someone?
Most common values are: 0xD0 0x20 0x95 0xD1 0xE2 Definitely looks big5 encoded, however I dont know for sure.In any direction, I'd look into at one point installing Tripwire -- And a good backup system if you dont have one already (can YOU degauss your main disk?)
-- Morgan Gangwere >> Why?> Because it breaks the logical flow of conversation, plus makes messages unreadable.
>>> Top-Posting is evil. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|