httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Goryunov <oleg.goryu...@gmail.com>
Subject Re: [users@httpd] Someone hacked my apache2 server
Date Sat, 03 Apr 2010 22:24:25 GMT
Nick,
Thanks for your reply.
THe problem is that I do not see any files changed on the server (and thus
cannot check the owner of them). Where should I look for the possible
evidence of someone else being there?

On Sun, Apr 4, 2010 at 2:05 AM, Nick Kew <nick@webthing.com> wrote:

>
> On 3 Apr 2010, at 22:20, Oleg Goryunov wrote:
>
>
>
> Yep, someone's been there.  Take it off the 'net, if you haven't already!
> And get someone competent to look: anyone on a list like this
> can only speculate!
>
> First question, who has non-WWW access, particularly a shell?
> If the offending files are owned by a user other than the webserver,
> it's not likely to have happened through the server.  And if that's
> happened, you may want to reinstall the server starting with a clean
> operating system install.
>
> If it did happen through the server, what apps let you upload contents?
> The usual suspect in cases like this is some shoddy PHP app.  You might
> also
> want to fire the admin who left contents space writable by the web user!
>
> --
> Nick Kew
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message