Re: Apache attacks
From: KillKenny (killkenny_at_fibertel.com.ar)
Date: 01/28/05
- Previous message: David Gillett: "RE: Possible weird/insecure configuration of an ISP router exposed unfiltered to public internet?"
- In reply to: Kenny: "Apache attacks"
- Next in thread: Dan Margolis: "Re: Apache attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <security-basics@securityfocus.com> Date: Thu, 27 Jan 2005 21:01:26 -0300
Hi Kenny ..
Do you try whit any rootkit hunter to know if your machine is trojanized or
owned?
Good Luck!
Killkenny
----- Original Message -----
From: "Kenny" <kenny@codez.co.uk>
To: <security-basics@securityfocus.com>
Sent: Wednesday, January 26, 2005 5:56 PM
Subject: Apache attacks
> Hi List,
>
> Long time reader, first time poster...
>
> My server crashed yesturday and I had to restart it, to get it going
> again. Now everything seems ok, however looking at my
> /var/log/httpd/access_log.1 shows a visitor to the website posting some
> big chunks of exploit code (containing a massive nop sled).
> How do I know if this attacker actually got in or not?
>
> This is a redhat fedora core 2 box, and I would describe myself as an
> "intermediate" linux user.
>
> Also, has anyone got any scripts that can detect attacks against apache
> and ban the ip for a period of time?
>
> I will post the exploit on request.
>
> Thanks, Kenny
- Previous message: David Gillett: "RE: Possible weird/insecure configuration of an ISP router exposed unfiltered to public internet?"
- In reply to: Kenny: "Apache attacks"
- Next in thread: Dan Margolis: "Re: Apache attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
