DaZZa wrote:
> On Sat, 10 Nov 2001, N Jagadish wrote:
> > The system is a Compaq server with RH7.0 and
> > apache running. pranksters seem to get in
> > thru' some bug in Apache 1.3.12, httpd.conf,
> > get root access and run IRC bouncers PsynBNC,
> > eggdrop and bring the machine to DoS !
> Upgrade or disable Apache?
> Latest 1.3.x series Apache is 1.3.22, or go to version 2 - currently at
> 2.0.16 {_very_ beta - use at your own risk}.
But they should not be able to get in. There is prob some conf setting
allowing access to some directory with some permissions or something
that allows them access. It would be best to work out how they are getting
in rather than just upgrade. Perhaps post here relevant http.conf sections.
(** Rename server names and real ip-addresses and anything that is private to
something else before you post so that no one can later on find anything
interesting ! ** )
Mike
--
--------------------------------------------------------------------
Michael Lake
Active caver, Linux enthusiast and interested in anything technical.
Safety Convenor, Australian Speleological Federation
Owner, Speleonics (Australia)
--------------------------------------------------------------------
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
