Re: New exploit in Apache and FC3?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2005-06-26 at 22:09 -0400, Mailing List Receiver wrote:
> Ever since we found and stopped a phishing site that had been planted
> on our server to run as the default site under Apache, we have been under
> constant attack.  Presumably, the perpretrators did not appreciate that
> we made their millions of scam emails ineffective.
> 
> So, today I just happen to get a feeling that I should check for rootkits.
> Sure enough, someone had a listener at port 3049 and lsof showed the owner
> as being Apache.  More investigation shows the following in /tmp

*snip*

I'd be more inclined to guess that there actually is a hole in a web app
you are running - you are a hosting service, correct?

A lot of hacks are done through insecure hosting software - maybe cpanel
or something like that.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux