List Archive: gentoo-security
On Mon, 2004-02-02 at 20:06, Matthias F. Brandstetter wrote:
> Hi all security gurus,
> recently I had a sec. issue with an Apache install. This box is hosting
> several virtual domains, one was hacked last night :(
> Until I can update the webserver, I need to know 3 things:
You really should not wait on getting this thing updated.
And in reality you should also halt this box now, and a dd backup
should be made for later examination.
If you need to look around or poke around at all, it should all be done
while the disk is mounted read-only.
> 1.) how could this guy(s) get access to this machine,
(this guy could be a worm)
> 2.) how can one get shell access after exploiting Apache, and
It depends on the attack vector that was used.
Without knowing versions of anything here it's hard to answer this
question. See #3
> 3.) how to prevent similar attacks in the future?
For a second let's assume it was the this
arbitrary code execution via the stack or heap. If that's the case then
you're going to want something like PaX && || Grsec,
depending on your needs. http://pax.grsecurity.net &
Note: PaX is included with grsecurity
> ANY hints, tips, links and suggestions are welcome!
> Greetings and TIA, Matthias
Ned Ludd <email@example.com>
Gentoo Linux Developer