I'd start by running strace on the Apache PID that's running bash - strace
-pPID, see man strace for more information. You may have to install the
package, if strace isn't currently installed. This should give you an idea of
what the process is doing, if anything.
You could also look for exec,
I think you can also check access log with grep if any call to bash script.
Thanks
Vishesh Kumar
http://linuxmantra.com/
On Mon, Nov 11, 2013 at 9:50 AM, Mauricio Tavares wrote:
> On Sun, Nov 10, 2013 at 9:36 PM, Rizwan Raza
> wrote:
> > There is a bunch of php scripts on the server. Not sure
On Sun, Nov 10, 2013 at 9:36 PM, Rizwan Raza wrote:
> There is a bunch of php scripts on the server. Not sure how to inspect and
> find out the hijacked piece. I would appreciate any suggestion(s)
>
You could start by seeing if any of the files have been changed
recently (OS-specific; are yo
There is a bunch of php scripts on the server. Not sure how to inspect and
find out the hijacked piece. I would appreciate any suggestion(s)
On Sun, Nov 10, 2013 at 6:55 PM, Nick Kew wrote:
>
> On 11 Nov 2013, at 00:15, Rizwan Raza wrote:
>
> > Notice the last two listings. What does that mean?
On 11 Nov 2013, at 00:15, Rizwan Raza wrote:
> Notice the last two listings. What does that mean? Is my Apache instance
> hacked?
Maybe.
The most likely origin of a shell from apache is from a script.
That could be a vulnerable script that's got hijacked, or a script
that intentionally runs a
Thanks Jeff, solved :).
From: Jeff Trawick [mailto:traw...@gmail.com]
Sent: Sunday, November 10, 2013 11:58 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Can't locate API module structure `mod_authz_host'
On Sun, Nov 10, 2013 at 5:52 PM, Juerg Reimann mailto:j...@jworld.ch> > wr
When I executed the command below
ps aux | grep apache
I got the following output
apache 16051 0.0 0.1 24676 4532 ?S15:04 0:00
/usr/sbin/httpd
apache 31784 0.2 0.4 40164 13424 ?S15:52 0:02
/usr/sbin/httpd
apache5412 1.5 0.4 41216 13776 ?S
On Sun, Nov 10, 2013 at 5:52 PM, Juerg Reimann wrote:
> I'm struggleing with an upgrade from Apache 2.2.25 to 2.4.6. The new
> version won't start with the following error:
>
> Syntax error on line 63 of /path/to/my/httpd.conf: Can't locate API module
> structure `mod_authz_host' in file
> /path/
I'm struggleing with an upgrade from Apache 2.2.25 to 2.4.6. The new version
won't start with the following error:
Syntax error on line 63 of /path/to/my/httpd.conf: Can't locate API module
structure `mod_authz_host' in file
/path/to/my/apache2/modules/mod_authz_host.so: ld.so.1: httpd: fatal:
I am attempting to set up the zend server and xampp on the same machine but
I am running into problems.
I came across documentation on the zend site that said you cannot do this.
However the folks over at apachefriends said you can.
I have since discovered that I can run some of the zendframework
http://www.if-not-true-then-false.com/2009/howto-hide-and-modify-apache-serv
er-information-serversignature-and-servertokens-and-hide-php-version-x-power
ed-by/
You will find it at the link above
p
From: John Hudak
Reply-To:
Date: Sat, 9 Nov 2013 00:21:53 -0500
To:
Subject: Re: [users@ht
11 matches
Mail list logo
