List Archive: gentoo-security
Headers:
To: "Matthias F. Brandstetter" <haimat@...>
From: Ned Ludd <solar@g.o>
Subject: Re: hacked via Apache/PHP/CGI/...?
Date: 02 Feb 2004 22:03:28 -0500
On Mon, 2004-02-02 at 20:06, Matthias F. Brandstetter wrote:
> Hi all security gurus,
> 
> recently I had a sec. issue with an Apache install. This box is hosting 
> several virtual domains, one was hacked last night :(
[snip]

> 
> Until I can update the webserver, I need to know 3 things:
You really should not wait on getting this thing updated.
And in reality you should also halt this box now, and a dd backup
should be made for later examination.
If you need to look around or poke around at all, it should all be done
while the disk is mounted read-only.

> 1.) how could this guy(s) get access to this machine,
(this guy could be a worm)

> 2.) how can one get shell access after exploiting Apache, and
It depends on the attack vector that was used.
Without knowing versions of anything here it's hard to answer this
question. See #3

> 3.) how to prevent similar attacks in the future?
For a second let's assume it was this
arbitrary code execution via the stack or heap. If that's the case then
you're going to want something like PaX && || Grsec,
depending on your needs. http://pax.grsecurity.net &
http://grsecurity.net
Note: PaX is included with grsecurity

> 
> ANY hints, tips, links and suggestions are welcome!
> Greetings and TIA, Matthias
-- 
Ned Ludd <solar@g.o>
Gentoo Linux Developer
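
The dd backup and read-only examination advised in the reply above, as an added example that is not part of the original message: it images a source with dd, confirms the copy is bit-identical by SHA-256, and lets the image be re-verified later. The function names and the paths `evidence.img` and `/mnt/evidence` are hypothetical, and the source is assumed to be quiescent (box halted, booted from rescue media).

```shell
# Added example (not from the thread). Function names and paths are hypothetical.

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# image_and_verify SRC DST
# Copy SRC (a block device such as the compromised disk, or a file) to DST,
# then confirm the copy is bit-identical and record its digest in DST.sha256.
image_and_verify() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 2; }
    # Plain dd: a read error aborts the copy instead of silently padding it.
    dd if="$src" of="$dst" bs=65536 2>/dev/null || return 3
    src_sum=$(sha256_of "$src")
    dst_sum=$(sha256_of "$dst")
    [ -n "$src_sum" ] && [ "$src_sum" = "$dst_sum" ] || return 4
    printf '%s\n' "$dst_sum" > "$dst.sha256"
    chmod 0444 "$dst" "$dst.sha256"   # make accidental writes harder
}

# verify_image DST: re-check the image against the digest recorded at imaging time.
verify_image() {
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

# Examination then happens on the image, not the original disk, e.g. as root:
#   mount -o ro,loop,noexec,nosuid,nodev evidence.img /mnt/evidence
# If the filesystem is ext3/ext4, add "noload": "ro" alone still allows the
# journal to be replayed, which modifies the image.
```

Run `verify_image` before and after each examination session so any change to the image is noticed.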


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
