Hello, I have a server running CentOS 4.3 with all the latest updates. The
server in question has been hacked by spammers a few times. The details
of the hack have been basically the same every time. I find some
directory created by the apache user account in /tmp. The new directory
contains an html file, and a list of email addresses to spam and a perl
script that spams all those email addresses with the html file.

My question is why is this happening? Obviously it's some apache exploit.
I have removed mod_perl, that didn't help. I have now changed the
permissions on the perl executable, that might help, we will see, but that
doesn't address the core problem. How is it that someone can upload
arbitrary files to my server and then execute an arbitrary command via
apache?

Is this a known problem? Have others seen it? What can I do to help
prevent this?

I've also been hacked a couple of times with this sort of exploit. In my
case, it was an exploit in awstats, a weblog analyser. If you have it, I
strongly suggest you get up to the latest version...
Also, if you have php scripts installed, they are a frequent source of
security holes.
Nicolas
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos