On Tuesday 27 September 2005 16:46, System Administrator wrote:
> I'm no expert on security, but it seems odd to me that a remote user
> could use apache to write to my /tmp directory and then execute the
> script. Any idea how this happened?
Almost certainly through some server extension, such
On 9/27/05, Farmer J <[EMAIL PROTECTED]> wrote:
> I guess I need to read up on securing apache. How do you secure a
> machine that runs cgi scripts when the users are able to upload their
> own scripts? It would be impossible to review every script on the
> machine to see if it is secure. There
: Farmer J [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 11:05 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Machine compromised via apache 2.0.54... I think.
We don't run PHP on this machine. There must be a way at the Web
server level to prohibit it from writing
We don't run PHP on this machine. There must be a way at the Web
server level to prohibit it from writing scripts to the filesystem and
then executing them. Right??
On 9/27/05, Station51 Donations <[EMAIL PROTECTED]> wrote:
> Hello,
>
> We discovered this problem on our own server quite some ti
chine compromised via apache 2.0.54... I think.
Because of many recent attacks on my machines in the last few months,
I built a new machine using a processor with a No-Execute bit. I put
all my sites on there with Apache 2.0.54 and patched everything to
date. I only allow port 80, 443, ftp and ssh to
On 9/27/05, Ricardo Stella <[EMAIL PROTECTED]> wrote:
>
> The fact you got hacked means that whatever happened before is still
> hapenning. That is, are you sure you don't have any odd cgi scripts
> running that could be easily compromised ?
>
> Yes, there are zero day exploits, but make sure all
The fact you got hacked means that whatever happened before is still
hapenning. That is, are you sure you don't have any odd cgi scripts
running that could be easily compromised ?
Yes, there are zero day exploits, but make sure all your other related
apps. are up to date. Ie, you could have old
Because of many recent attacks on my machines in the last few months,
I built a new machine using a processor with a No-Execute bit. I put
all my sites on there with Apache 2.0.54 and patched everything to
date. I only allow port 80, 443, ftp and ssh to reach the machine.
There is only one user
