Security Breach ?
Chris Strzelczyk
cstrzelczyk at nobletechnology.net
Thu Mar 3 00:37:54 UTC 2005
Thanks,
I will take a serious look at mod_security. I do install security
updates
which is why I believe this to be my error on the configuration side
and not
a hole.
Thanks for all you help.
-cs
On Mar 2, 2005, at 7:03 PM, Alexander Dalloz wrote:
>>
>
> See Dave's and Leonard's replies. Your system is owned! :( And as it
> looks it is the worm / trojan known to come in by weak phpBB installs.
> I
> would heavily appreciate if you would us all inform how that could
> happen. You always installed security updates quickly? Do you have
> something running with Apache which can be misused? When the phpBB worm
> info came in through bugtraq I installed mod_security to disallow
> specific things. It is a nice add-on for Apache (1.3 and 2.0). I use it
> to restrict those ways the phpBB worm comes in as some of my users use
> that forum software. http://www.modsecurity.org/ is though more general
> and not a phpBB protection tool. Worth to have a look at it.
>
More information about the fedora-list
mailing list