Complete.Org: Mailing Lists: Archives: discussion: October 2005:
[aclug-L] Problems

[aclug-L] Problems

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	<discussion@xxxxxxxxx>
Subject:	[aclug-L] Problems
From:	"Dale W Hodge" <dwh@xxxxxxxxxxxxxxxx>
Date:	Fri, 21 Oct 2005 11:09:18 -0500
Reply-to:	discussion@xxxxxxxxx

Hello guys! I've got some problems and I'm looking for advice in how to
deal with them. 

Sometime in the past few days, somebody exploited a weakness in my web
server, overwrote the index.html files on all my domains. About the same
time, it appears they appear to have utilized the mailer capabilites of
the webserver to mail out in excess of 10,000 pieces of spam! It was
when the bounce messages started flooding my mailbox that I realized I
had a problem.  There's no evidence that anyone gained root access, it
looks like it was just a webserver exploit. 

The question is how best to secure the server and prevent this from
happening again. I'm not sure just what they exploited, whether it was
in apache itself, or in the post-nuke code running on it. 

I'm open to suggestions at this point.

--Dale


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi

[Prev in Thread]

Current Thread

[Next in Thread]

[aclug-L] Problems, Dale W Hodge <=
- [aclug-L] Re: Problems, Steven Saner, 2005/10/21
  - [aclug-L] Re: Problems, Dale W Hodge, 2005/10/22
- [aclug-L] Re: Problems, Jeff Vian, 2005/10/22
  - [aclug-L] Re: Problems, Dale W Hodge, 2005/10/22

Prev by Date: [aclug-L] Re: Blocked HTTP ports solved, Aclug.org back online
Next by Date: [aclug-L] Re: Problems
Previous by thread: [aclug-L] Blocked HTTP ports solved, Aclug.org back online
Next by thread: [aclug-L] Re: Problems
Index(es):
- Date
- Thread