quick stop/start or reboot should
> fix the problem.
>
> Good Luck!
>
> Dan
>
>
> Please respond to users@httpd.apache.org
>
> To: users@httpd.apache.org
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject:Re: [us...@httpd] Someone hacked my apache2 serve
n/YD/RWDOE)
Subject: Re: [us...@httpd] Someone hacked my apache2 server
LSN: Not Relevant
User Filed as: Not a Record
Oh, ok. I got it. I have already disabled it (actually, immediately after
the attack).
Thanks for the advice. I appreciate!
Oleg.
On Sun, Apr 4, 2010 at 5:52 PM, Daniel
On 4/4/2010 4:17 AM, Lester Caine wrote:
[a bunch of CHARs]
Looking that the logs that were posted, there's nothing out of the
ordinary, just people hammering a server for attempts in.
This is more and more looking like a DNS attack.
--
Morgan Gangwere
>> Why?
> Because it breaks the logical
: 04 April, 2010 13:39
>
> To:
> Subject: Re: [us...@httpd] Someone hacked my apache2 server
>
>
> Yes, there is a MySQL server. And actually, I noticed that - while the
>> server was returning the mentioned hacked page, mysql process was on top
>> of
>> the list
--
From: "Oleg Goryunov"
Sent: 04 April, 2010 13:39
To:
Subject: Re: [us...@httpd] Someone hacked my apache2 server
Yes, there is a MySQL server. And actually, I noticed that - while the
server was returning the mentioned hacked p
2010 21:03
> To:
> Subject: [us...@httpd] Someone hacked my apache2 server
>
> Hello all,
>> It looks like someone hacked my apache2 server and I am trying to
>> understand
>> how this could have happened.
>> This is what happened:
>> All of a sudden the server
--
From: "Oleg Goryunov"
Sent: 03 April, 2010 21:03
To:
Subject: [us...@httpd] Someone hacked my apache2 server
Hello all,
It looks like someone hacked my apache2 server and I am trying to understand
how this could have happened.
Th
Oleg Goryunov wrote:
A good explanation I received from a datacenter where I have the server:
"we classify this sort of issue as "Stealing the gateway". basically
what someone does is they send out false arp packets(flooding the entire
network segment) causing all servers and switching to think
A good explanation I received from a datacenter where I have the server:
"we classify this sort of issue as "Stealing the gateway". basically
what someone does is they send out false arp packets(flooding the entire
network segment) causing all servers and switching to think their server is
the
gat
Lester,
Yes, I assume it might be a third party problem, not my server problem, but
I need to be sure.
If it was not my local DNS hack, since at least two people from different
networks, from different cities (me and another person) observed the same
behavior. Another point is that the hacked page
Morgan
I did not have Tripwire installed. Will do that :) The problem is that I
can't find the files that were modified. As I indicated in the initial
email, the hackers page started to show up at some point, then STOPPED,
then, in 20 minutes started again, nd then stopped again. After that I shut
Oleg Goryunov wrote:
Any help is appreciated.
Oleg - Does YOUR copy of the index page look OK reading it as a file?
What no one has mentioned is that DNC servers have been hacked and could be
doing the re-routing. It may not be YOUR site which is compromised.
I can view my own sites 'locall
On 4/3/2010 8:55 PM, Gil Vidals wrote:
Oleg,
What kind of web application firewall (WAF) are you running on your web
servers? If the answer is "none", then you will have many problems with
malware and hackers. You must have proper security. Google
"mod_security" or hire a web security guy to ta
Yes,the hacker is from China.
the subfix "9966.org" is provided by the biggest DynDNS ISP of China.
Best regards,
Sharl.Jimh.Tsin
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apac
On 4/3/2010 4:24 PM, Oleg Goryunov wrote:
THe problem is that I do not see any files changed on the server (and
thus cannot check the owner of them). Where should I look for the
possible evidence of someone else being there?
Do you have Tripwire installed?
If so, just look at its logs :)
Othe
Nick,
Thanks for your reply.
THe problem is that I do not see any files changed on the server (and thus
cannot check the owner of them). Where should I look for the possible
evidence of someone else being there?
On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew wrote:
>
> On 3 Apr 2010, at 22:20, Oleg Go
On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:
> Hello all,
> It looks like someone hacked my apache2 server and I am trying to understand
> how this could have happened.
> This is what happened:
Yep, someone's been there. Take it off the 'net, if you haven't already!
And get someone competent
Hello all,
It looks like someone hacked my apache2 server and I am trying to understand
how this could have happened.
This is what happened:
All of a sudden the server - in response to a web-browser request for a page
- started to give a full screen of unknown characters (looked like a long
text wi
18 matches
Mail list logo
