Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Linux Advocate wrote:
> 
> 
> 
> 
> ----- Original Message ----
>> From: John R. Dennison <jrd@xxxxxxxxxxxx>
>>
>>     I stand by my previous advice - the box is compromised, can not
>>     be trusted, and as a responsible admin he should be working on
>>     re-installing it, evaluating what web-apps he had running that
>>     led to this in the first place and taking the appropriate steps
>>     to ensure it does not happen again.
>>
>>
> 
> 
> what steps should i take. i was running centos 5.2 fully updated. the web apps  or daemons i have running are from the repos.
> i have other mandriva boxes and they all are ok. i m just so surprised that a centos box got compromised.

There were dozens of security updates to php and related apps since the 
5.2 days.  You really have to keep anything exposed to the internet up 
to date and using secure passwords.  This almost certainly isn't a 
'centos' issue.  Someone probably used a default password to log into 
one of the php apps and exploit an old bug that let them write in a 
place that apache would execute something.  Odds are that they didn't 
get root and that you'd have a chance of cleaning it if you know what 
you are doing, but if you have to ask for advice on a mail list you 
probably shouldn't try.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux