Date: Wed, 11 Jan 2012 21:13:53 +0100
From: jer...@adaptr.nl
To: users@httpd.apache.org
Subject: Re: [users@httpd] attack on apache
On 01/11/2012 09:10 PM, Jaco Kroon wrote:
On 11/01/12 21:35, Jeroen Geilman wrote:
In /var/log/httpd/error_log I see things like this
sh: del comand no found
sh: xx Permission denied
I need help !
1. Stop apache.
2. Investigate which leaky, creaky or lousy PHP script allowed
this exploit.
3. Remove the bad script.
4. Remount /tmp with noexec,nosuid,nodev to prevent the majority
of these types of exploits.
Surely you noticed that I did not advise him to turn it back on - at
all ? ;)
But yes, distros that don't protect /tmp suck.
--
J.
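
Step 4 above, as an added example that is not part of the original thread: a shell check of which of noexec, nosuid and nodev are missing on the filesystem that holds /tmp. The function names and the sample mount table are constructed for illustration, and a Linux /proc/mounts layout is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the mount options that apply to /tmp.

# Constructed sample in /proc/mounts format, for trying the functions offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
EOF
}

# Print the mount entry covering directory $1 (longest matching mount point).
covering_mount() {
    awk -v d="$1" '{
        mp = $2
        if (mp == "/" || d == mp || index(d, mp "/") == 1)
            if (length(mp) >= best) { best = length(mp); line = $0 }
    } END { if (line != "") print line }' "${2:-/proc/mounts}"
}

# Print the options out of "noexec nosuid nodev" that are NOT in effect for $1.
missing_tmp_opts() {
    opts=$(covering_mount "${1:-/tmp}" "${2:-/proc/mounts}" | awk '{print $4}')
    missing=
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Report the finding and the matching fix. Usage: tmp_mount_audit [dir] [mounts-file]
tmp_mount_audit() {
    dir=${1:-/tmp} mounts=${2:-/proc/mounts}
    missing=$(missing_tmp_opts "$dir" "$mounts")
    own=$(covering_mount "$dir" "$mounts" | awk '{print $2}')
    if [ -z "$missing" ]; then
        echo "$dir: noexec,nosuid,nodev all set"
    elif [ "$own" = "$dir" ]; then
        echo "$dir: missing $missing; fix: mount -o remount,noexec,nosuid,nodev $dir"
    else
        echo "$dir: missing $missing; not a separate mount (inherits from $own)"
    fi
}
```

A remount only lasts until the next reboot, so the same options also belong in the /tmp entry of /etc/fstab. When /tmp is not its own mount point, it has to be given its own filesystem before these options can be applied to it alone.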
Thanks Jeroen:
Any idea how to start researching which is the leaky script?
Cheers
Luisa