httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Someone hacked my apache2 server
Date Sat, 03 Apr 2010 22:05:54 GMT

On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:

> Hello all,
> It looks like someone hacked my apache2 server and I am trying to understand how this
could have happened.
> This is what happened:

Yep, someone's been there.  Take it off the 'net, if you haven't already!
And get someone competent to look: anyone on a list like this
can only speculate!

First question, who has non-WWW access, particularly a shell?
If the offending files are owned by a user other than the webserver,
it's not likely to have happened through the server.  And if that's
happened, you may want to reinstall the server starting with a clean
operating system install.

If it did happen through the server, what apps let you upload contents?
The usual suspect in cases like this is some shoddy PHP app.  You might also
want to fire the admin who left contents space writable by the web user!

-- 
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message