Security Breach ?

[Chris Strzelczyk]

Thanks,

I will take a serious look at mod_security.  I do install security 
updates
which is why I believe this to be my error on the configuration side 
and not
a hole.

Thanks for all you help.
-cs
On Mar 2, 2005, at 7:03 PM, Alexander Dalloz wrote:

>>
>
> See Dave's and Leonard's replies. Your system is owned! :( And as it
> looks it is the worm / trojan known to come in by weak phpBB installs. 
> I
> would heavily appreciate if you would us all inform how that could
> happen. You always installed security updates quickly? Do you have
> something running with Apache which can be misused? When the phpBB worm
> info came in through bugtraq I installed mod_security to disallow
> specific things. It is a nice add-on for Apache (1.3 and 2.0). I use it
> to restrict those ways the phpBB worm comes in as some of my users use
> that forum software. http://www.modsecurity.org/ is though more general
> and not a phpBB protection tool. Worth to have a look at it.
>