httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kenneth Kalmer <kenneth.kal...@gmail.com>
Subject Re: [users@httpd] Hacked ? /usr/local/apache/bin/httpd -DSSL ?
Date Wed, 02 Feb 2005 21:12:41 GMT
I've seen the same thing a couple of days ago on another box. IIRC
look in /tmp for some scripts running from there. I'm not an expert on
security breaches so I won't comment on that. Also run nmap to see
what extra ports are now open, we had port 32xxx open as well and
according to GFILanGuard that's a BackOrifice port...

HTH


On Wed, 2 Feb 2005 22:09:53 +0100, mailarch@xy1.org <mailarch@xy1.org> wrote:
> Hello,
> 
> I run an Apache/1.3.29 (Debian GNU/Linux) mod_gzip/1.3.26.1a PHP/4.3.3 mod_ssl/2.8.16
OpenSSL/0.9.7c.
> 
> Today I have seen with the top command two Perl process by www-data which occupied all
my CPU resources.
> 
> ps aux | grep pid_number_of_one_of_this_perl_processes gave me that:
> 
> melanie:/usr/local# ps aux | grep 10813
> www-data 10813 48.8  0.3  5128 3456 ?        R    20:54  11:18 /usr/local/apache/bin/httpd
-DSSL
> root     12615  0.0  0.0  2056  732 pts/0    R    21:18   0:00 grep 10813
> 
> But I don't have a /usr/local/apache directory!!!
> 
> Does somebody has hacked my apache web server?
> 
> Should I contact the Debian apache package maintainer? Because I use the Debian stable
version.
> 
> --
> saf
> http://Archivum.info/ - Administrator
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


-- 
Kenneth Kalmer

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message