Network Security: Detailed info on Re: Apache attacks

Subject:	Re: Apache attacks
Date:	Thu, 27 Jan 2005 21:01:26 -0300

Hi Kenny ..

Do you try whit any rootkit hunter to know if your machine is trojanized or
owned?


Good Luck!

Killkenny


----- Original Message ----- 
From: "Kenny" <kenny@codez.co.uk>
To: <security-basics@securityfocus.com>
Sent: Wednesday, January 26, 2005 5:56 PM
Subject: Apache attacks

Hi List,

Long time reader, first time poster...

My server crashed yesturday and I had to restart it, to get it going
again. Now everything seems ok, however looking at my
/var/log/httpd/access_log.1 shows a visitor to the website posting some
big chunks of exploit code (containing a massive nop sled).
How do I know if this attacker actually got in or not?

This is a redhat fedora core 2 box, and I would describe myself as an
"intermediate" linux user.

Also, has anyone got any scripts that can detect attacks against apache
and ban the ip for a period of time?

I will post the exploit on request.

Thanks, Kenny

<Prev in Thread]	Current Thread	[Next in Thread>
Apache attacks, Kenny Re: Apache attacks, Bernie Johnson Re: Apache attacks, Micheal Cottingham Re: Apache attacks, bernie Re: Apache attacks, KillKenny <= Re: Apache attacks, Dan Margolis Re: Apache attacks, Ty Bodell Re: Apache attacks, miguel . dilaj

Previous by Date:	RE: RPC over HTTP security, Depp, Dennis M.
Next by Date:	Re: Apache attacks, Dan Margolis
Previous by Thread:	Re: Apache attacks, bernie
Next by Thread:	Re: Apache attacks, Dan Margolis
Indexes:	[Date] [Thread] [Top] [All Lists]