Security Breach ?
Alexander Dalloz
ad+lists at uni-x.org
Thu Mar 3 00:03:05 UTC 2005
Am Do, den 03.03.2005 schrieb Chris Strzelczyk um 0:29:
> Sorry for the long posts I didn't know if attachments were allowed or
> frowned upon. Now that I have
> been given the rules I will obey them.
Small attachments like configuration files are allowed. Just don't reply
by presenting your new content above the the mail content you reply to.
Quote whats needed to understand your new contribution and strip off the
rest. Place the reply text below the quote. Thanks :)
> I do not have users on the system which are at all capable of something
> like this. This server runs sendmail, httpd,
> named, ftp, mysql (not accessible from outside yet), pop3, squrrelmail
> (dovecot imap).
>
> I will start by looking at all those for recent security postings.
> Since the program in /tmp was owned by apache:apache I would
> imagine that the intruder used httpd to preform their exploit. That is
> where I'm at so far.
> -cs
See Dave's and Leonard's replies. Your system is owned! :( And as it
looks it is the worm / trojan known to come in by weak phpBB installs. I
would heavily appreciate if you would us all inform how that could
happen. You always installed security updates quickly? Do you have
something running with Apache which can be misused? When the phpBB worm
info came in through bugtraq I installed mod_security to disallow
specific things. It is a nice add-on for Apache (1.3 and 2.0). I use it
to restrict those ways the phpBB worm comes in as some of my users use
that forum software. http://www.modsecurity.org/ is though more general
and not a phpBB protection tool. Worth to have a look at it.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.14_FC2smp
Serendipity 00:53:35 up 9 days, 12:02, load average: 0.32, 0.33, 0.33
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050303/9a6e8845/attachment-0001.sig>
More information about the fedora-list
mailing list