php error?!
Could someone tell me why I still get these messages in apache? Premature end of script headers: /usr/lib/cgi-bin/php4 Is there something wrong with php in debian package? Regards Michal Novotny -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
does virus ELF.OSF.8759 affect debian?
Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? thanks ELF.OSF.8759 Alias: Linux.Osf.8759 Category: UNIX/Linux Type: Virus Wild: Destructiveness: Pervasiveness: CHARACTERISTICS OSF.8759 is a Linux virus infecting ELF executable programs. OSF consists of two quite distinct parts: a viral part and a backdoor part. The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 201 files in the current directory as well as up to 201 files in the /bin directory. The virus avoids infecting the ?ps? program (and all programs with names ending with the string ?ps?). Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2. The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: ?/bin/sh ?c command?. - Narancs v1 IT Security Administrator Warning: This is a really short .sig! Vigyazat: ez egy nagyon rovid szig! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 06:24:01PM +0200, Narancs v1 wrote: Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? If you run an infected file - yes. Otherwise - i don't think so (they don't say if it exploits any vulnerabilities other than user's stupidity/ignorance). Basically, if you run binaries from an unsafe source, you get what you deserve. Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 07:46:22PM +0200, Marcin Owsiany wrote: On Wed, Apr 10, 2002 at 06:24:01PM +0200, Narancs v1 wrote: Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? If you run an infected file - yes. Otherwise - i don't think so (they don't say if it exploits any vulnerabilities other than user's stupidity/ignorance). Basically, if you run binaries from an unsafe source, you get what you deserve. And another reason not to run as root... -B -- Brandon High [EMAIL PROTECTED] '98 Kawi ZX-7R Wasabi, '98 Kawi EX500 Harlot, '94 BMW K75s Brick When approaching a four-way stop, the vehicle with the largest tires always has the right of way. msg06295/pgp0.pgp Description: PGP signature
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 10:52:38AM -0700, Brandon High wrote: And another reason not to run as root... Compile from source is a good idea too. It's amazing what you can find in the source. I found a couple of stupid Trojans that way. system(mail /etc/passwd [EMAIL PROTECTED]); *sigh* -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ msg06296/pgp0.pgp Description: PGP signature
Re: does virus ELF.OSF.8759 affect debian?
wow, that's bad! where did you find that evil code? jmb At 02:44 PM 4/10/02 -0700, Anne Carasik wrote: On Wed, Apr 10, 2002 at 10:52:38AM -0700, Brandon High wrote: And another reason not to run as root... Compile from source is a good idea too. It's amazing what you can find in the source. I found a couple of stupid Trojans that way. system(mail /etc/passwd [EMAIL PROTECTED]); *sigh* -Anne -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 05:46:24PM -0400, Dominique Fortier wrote: Basically, if you run binaries from an unsafe source, you get what you deserve. Man, I try to be a honnest individual, I hope I don't deserve something like that ! ..., Is there such a thing has a 100% safe source for binaries ? Check the PGP key (or GnuPG key) and the md5 checksum from the source (as long as you trust the source). Even trusted sources (like ftp.porcupine.org/pub/security) get hit with Trojan horses. Always check the digital signatures and the checksums! Debian does this when you do an apt-get, I believe. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ msg06299/pgp0.pgp Description: PGP signature
ipfwadm and ssh forwarding
Hello, i have an old cobalt cube on my network running a cutom 2.0.34 kernel, that i'm finding is going to be really hard to upgrade, it's not running debian, but everything else in here is :) so i'm only asking here because i've read the docs and tried everywhere else for help. anyway, it has ipfwadm(note: ipmasqadm is not on it) tool for handling masqing and filtering, it's currently set up to masq everything from inside to outside, and nothing else. i have a server inside running backups, pulling data from web servers remotely, that is working great, however, i need to be able to ssh into that machine from the outside, there's only one real (external) ip that's attatched to the cube, can i, using ipfwadm, set it up to route any ssh requests to that machine on that ip to the interal backup server? i've tried everything, i'm just not that familiar with firewalling, if it's possible can someone send me a sample script with the appropriate rules to forward those packets? thanks in advance for you help. signature.asc Description: This is a digitally signed message part
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 02:54:26PM -0700, Anne Carasik wrote: with Trojan horses. Always check the digital signatures and the checksums! Debian does this when you do an apt-get, I believe. I think there's support for it in later versions of apt-get, but not with the one included with Potato. -B -- Brandon High [EMAIL PROTECTED] '98 Kawi ZX-7R Wasabi, '98 Kawi EX500 Harlot, '94 BMW K75s Brick Speeling mistakes only bother people who are illiterate. msg06301/pgp0.pgp Description: PGP signature
security updates for hppa
I'm new to debian linux, and I am having trouble finding the security updates for the HPPA system. I have looked all through http://security.debian.org/dists/ I found the updates for the other ports, but not hppa. Any thoughts on where I might find them or what to put in the sources.list file? I think I installed 'woody' from the 0.9.3 CD. I am also using the 32bit kernel. TIA, Chris. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security updates for hppa
Chris Gray [EMAIL PROTECTED] writes: I'm new to debian linux, and I am having trouble finding the security updates for the HPPA system. I have looked all through http://security.debian.org/dists/ I found the updates for the other ports, but not hppa. Any thoughts on where I might find them or what to put in the sources.list file? I think I installed 'woody' from the 0.9.3 CD. I am also using the 32bit kernel. security.debian.org only contains security updates for the stable distribution which is still potato. The hppa port was not released with potato, hence no security updates at security.debian.org. You will have to get the updates from unstable. HTH, -- Olaf MeeuwissenEpson Kowa Corporation, CID GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
log the original source ipaddress
dear, i have webserver (running on localnet rfc1918) stay behind a firewall (using rinetd for redirecting), the apache's log read all access from the internal interface's firewall instead of the original source address. any idea how can i log the original source ipaddress's anyone who access my webserver even i use redirecting..? thx, N. A. Hilal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: log the original source ipaddress
i'm not familiar with rinetd, but if you use netfilter to do dnat the source address will be maintained. just make sure internal boxes hit the webserver directly, on the internal ip, rather than through the external one so they don't get confused by packets coming back directly from the web server. something like this should work: /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $EXTIP --dport 80 \ -j DNAT --to-destination $WEBSERVER:80 /sbin/iptables -A FORWARD -p tcp -d $WEBSERVER --destination-port 80 -j ACCEPT xn On Wed, Apr 10, 2002 at 11:01:25AM +0700, N. A. Hilal wrote: dear, i have webserver (running on localnet rfc1918) stay behind a firewall (using rinetd for redirecting), the apache's log read all access from the internal interface's firewall instead of the original source address. any idea how can i log the original source ipaddress's anyone who access my webserver even i use redirecting..? thx, N. A. Hilal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
php error?!
Could someone tell me why I still get these messages in apache? Premature end of script headers: /usr/lib/cgi-bin/php4 Is there something wrong with php in debian package? Regards Michal Novotny -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
does virus ELF.OSF.8759 affect debian?
Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? thanks ELF.OSF.8759 Alias: Linux.Osf.8759 Category: UNIX/Linux Type: Virus Wild: Destructiveness: Pervasiveness: CHARACTERISTICS OSF.8759 is a Linux virus infecting ELF executable programs. OSF consists of two quite distinct parts: a viral part and a backdoor part. The virus checks if its code is executed under the debugger and if so, it skips the file infection routine altogether. This routine is also avoided if the infected file is executed from the /proc or /dev directories. Otherwise, it infects up to 201 files in the current directory as well as up to 201 files in the /bin directory. The virus avoids infecting the ?ps? program (and all programs with names ending with the string ?ps?). Infected files increase their size by 8759 bytes. The virus marks all infected programs by setting a value of the byte at offset 0x0A to 2. The backdoor procedure establishes a server listening on port 3049 (or higher). Depending on the contents of packets received from a client OSF may present a remote user with an interactive shell or execute commands on a local system using the syntax: ?/bin/sh ?c command?. - Narancs v1 IT Security Administrator Warning: This is a really short .sig! Vigyazat: ez egy nagyon rovid szig! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 06:24:01PM +0200, Narancs v1 wrote: Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? If you run an infected file - yes. Otherwise - i don't think so (they don't say if it exploits any vulnerabilities other than user's stupidity/ignorance). Basically, if you run binaries from an unsafe source, you get what you deserve. Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 07:46:22PM +0200, Marcin Owsiany wrote: On Wed, Apr 10, 2002 at 06:24:01PM +0200, Narancs v1 wrote: Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? If you run an infected file - yes. Otherwise - i don't think so (they don't say if it exploits any vulnerabilities other than user's stupidity/ignorance). Basically, if you run binaries from an unsafe source, you get what you deserve. And another reason not to run as root... -B -- Brandon High [EMAIL PROTECTED] '98 Kawi ZX-7R Wasabi, '98 Kawi EX500 Harlot, '94 BMW K75s Brick When approaching a four-way stop, the vehicle with the largest tires always has the right of way. pgp5X912gTrBH.pgp Description: PGP signature
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 10:52:38AM -0700, Brandon High wrote: And another reason not to run as root... Compile from source is a good idea too. It's amazing what you can find in the source. I found a couple of stupid Trojans that way. system(mail /etc/passwd [EMAIL PROTECTED]); *sigh* -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpbVsN8QcvSy.pgp Description: PGP signature
Re: does virus ELF.OSF.8759 affect debian?
On Wed, 2002-04-10 at 13:46, Marcin Owsiany wrote: On Wed, Apr 10, 2002 at 06:24:01PM +0200, Narancs v1 wrote: Hi there! I've read a srtange info at http://www3.ca.com/Virus/Virus.asp?ID=11513 is it true? can it infect my debian systems? (woody, sid, potato)? how? If you run an infected file - yes. Otherwise - i don't think so (they don't say if it exploits any vulnerabilities other than user's stupidity/ignorance). Basically, if you run binaries from an unsafe source, you get what you deserve. Man, I try to be a honnest individual, I hope I don't deserve something like that ! ..., Is there such a thing has a 100% safe source for binaries ? Marcin -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
wow, that's bad! where did you find that evil code? jmb At 02:44 PM 4/10/02 -0700, Anne Carasik wrote: On Wed, Apr 10, 2002 at 10:52:38AM -0700, Brandon High wrote: And another reason not to run as root... Compile from source is a good idea too. It's amazing what you can find in the source. I found a couple of stupid Trojans that way. system(mail /etc/passwd [EMAIL PROTECTED]); *sigh* -Anne -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 05:46:24PM -0400, Dominique Fortier wrote: Basically, if you run binaries from an unsafe source, you get what you deserve. Man, I try to be a honnest individual, I hope I don't deserve something like that ! ..., Is there such a thing has a 100% safe source for binaries ? Check the PGP key (or GnuPG key) and the md5 checksum from the source (as long as you trust the source). Even trusted sources (like ftp.porcupine.org/pub/security) get hit with Trojan horses. Always check the digital signatures and the checksums! Debian does this when you do an apt-get, I believe. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpWJvL0nK50k.pgp Description: PGP signature
ipfwadm and ssh forwarding
Hello, i have an old cobalt cube on my network running a cutom 2.0.34 kernel, that i'm finding is going to be really hard to upgrade, it's not running debian, but everything else in here is :) so i'm only asking here because i've read the docs and tried everywhere else for help. anyway, it has ipfwadm(note: ipmasqadm is not on it) tool for handling masqing and filtering, it's currently set up to masq everything from inside to outside, and nothing else. i have a server inside running backups, pulling data from web servers remotely, that is working great, however, i need to be able to ssh into that machine from the outside, there's only one real (external) ip that's attatched to the cube, can i, using ipfwadm, set it up to route any ssh requests to that machine on that ip to the interal backup server? i've tried everything, i'm just not that familiar with firewalling, if it's possible can someone send me a sample script with the appropriate rules to forward those packets? thanks in advance for you help. signature.asc Description: This is a digitally signed message part
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 10, 2002 at 02:54:26PM -0700, Anne Carasik wrote: with Trojan horses. Always check the digital signatures and the checksums! Debian does this when you do an apt-get, I believe. I think there's support for it in later versions of apt-get, but not with the one included with Potato. -B -- Brandon High [EMAIL PROTECTED] '98 Kawi ZX-7R Wasabi, '98 Kawi EX500 Harlot, '94 BMW K75s Brick Speeling mistakes only bother people who are illiterate. pgpS8PSUGjEHI.pgp Description: PGP signature
security updates for hppa
I'm new to debian linux, and I am having trouble finding the security updates for the HPPA system. I have looked all through http://security.debian.org/dists/ I found the updates for the other ports, but not hppa. Any thoughts on where I might find them or what to put in the sources.list file? I think I installed 'woody' from the 0.9.3 CD. I am also using the 32bit kernel. TIA, Chris. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security updates for hppa
Chris Gray [EMAIL PROTECTED] writes: I'm new to debian linux, and I am having trouble finding the security updates for the HPPA system. I have looked all through http://security.debian.org/dists/ I found the updates for the other ports, but not hppa. Any thoughts on where I might find them or what to put in the sources.list file? I think I installed 'woody' from the 0.9.3 CD. I am also using the 32bit kernel. security.debian.org only contains security updates for the stable distribution which is still potato. The hppa port was not released with potato, hence no security updates at security.debian.org. You will have to get the updates from unstable. HTH, -- Olaf MeeuwissenEpson Kowa Corporation, CID GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]