httpd-users mailing list archives

From Oleg Goryunov <>
Subject Re: [users@httpd] Someone hacked my apache2 server
Date Sat, 03 Apr 2010 22:24:25 GMT
Thanks for your reply.
The problem is that I do not see any files changed on the server (and thus
cannot check the owner of them). Where should I look for the possible
evidence of someone else being there?

On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew <> wrote:

> On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:
> Yep, someone's been there.  Take it off the 'net, if you haven't already!
> And get someone competent to look: anyone on a list like this
> can only speculate!
> First question, who has non-WWW access, particularly a shell?
> If the offending files are owned by a user other than the webserver,
> it's not likely to have happened through the server.  And if that's
> happened, you may want to reinstall the server starting with a clean
> operating system install.
> If it did happen through the server, what apps let you upload contents?
> The usual suspect in cases like this is some shoddy PHP app.  You might also
> want to fire the admin who left contents space writable by the web user!
> --
> Nick Kew
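
The ownership and writability questions raised in the quoted reply can be checked from a shell. The following is an added example, not part of either message; the function names are hypothetical, and the document root and web server account are arguments you supply.

```shell
#!/bin/sh
# Added example: triage a document root by ownership and writability.
# Usage (path and account name are assumed values, substitute your own):
#   owned_by_webuser    /var/www www-data
#   writable_by_webuser /var/www www-data

# Regular files owned by the web server account. Content the server process
# created itself (for example through an upload feature) is owned by that
# account; files owned by some other user point at a different entry path.
owned_by_webuser() {
    find "$1" -xdev -type f -user "$2" -print
}

# Files and directories the web server account is able to modify, judged
# from mode bits: owned by it with owner-write, in its primary group with
# group-write, or world-writable. Symlinks are skipped because their own
# mode bits are not meaningful.
writable_by_webuser() {
    docroot=$1
    webuser=$2
    webgroup=$(id -gn "$webuser") || return 1
    find "$docroot" -xdev ! -type l \( \
        \( -user "$webuser" -perm -200 \) -o \
        \( -group "$webgroup" -perm -020 \) -o \
        -perm -002 \
    \) -print
}
```

Every path printed by `writable_by_webuser` is somewhere a vulnerable web application could have placed or altered content, so those are the locations to compare against a known-good copy first.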
