Re: deleted perl hacks in /tmp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

>> I have some web servers which occasionally have hacks that are uploaded that
>> change their name to look like apache and somehow get apache to send requests
>> to them.  The result is that people somewhat randomly get pages advertising
>> self enhancing drugs etc.  The hacks are perl scripts, but they are run from

Have you thought about the applications that you have running under
apache that may be causing this, such as an outdated wordpress,
joomla, phpmyadmin, etc?

It's very likely that it's a vulnerable application causing it, and
the only real fix is to disable the application or update it so it's
no longer vulnerable.

Maybe run one of the security scanners that are out there, such as
websecurify, nessus, or one of the multitudes of Windows scanners. Try
this list:

http://www.dmoz.org/Computers/Security/Internet/Products_and_Tools/Security_Scanners/

Most are easy to set up, pretty comprehensive, and may give you a
direction to head.

Best,
Alex
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Newbie]     [Audio]     [Hams]     [Kernel Newbies]     [Util Linux NG]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Device Drivers]     [Samba]     [Video 4 Linux]     [Git]     [Fedora Users]

  Powered by Linux