On Tue, 12 Nov 2002 at 02:45:52PM +0100, Alexander Neumann wrote:

Greets from cold Michigan...

> Is there a new apache-exploit in the wild?

Only the old one. It does not mean apache was exploded. Someone could have rooted you and decided they wanted a web server. They left your apache config alone, made their own somewhere else on the hard drive and started up apache. I would remove all sensitive information from the box, have your firewall treat it as an external entity, none of your other machines should trust it, and monitor it via tcpdump or ngrep for a few days. After which time if you determine it was rooted blow it away and restore /home and /var (you do keep backups, right?)

Regards,
--
Phil
PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #58: Descramble code needed from software company
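The check below is an added example, not part of the original message: it flags web-server processes started from an unexpected binary path or with their own `-f`/`-d` configuration, which is the situation the reply describes. The expected paths, the function names and the sample `ps` lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. EXPECTED_BIN and EXPECTED_CONF are assumptions: set them
# to the paths your distribution's Apache package actually installs.
EXPECTED_BIN="${EXPECTED_BIN:-/usr/sbin/apache}"
EXPECTED_CONF="${EXPECTED_CONF:-/etc/apache/httpd.conf}"

# Reads `ps -eo pid,user,args` style lines on stdin and prints one
# "PID reason..." line per web-server process that looks out of place.
flag_rogue_httpd() {
    awk -v bin="$EXPECTED_BIN" -v conf="$EXPECTED_CONF" '
    NR == 1 && $1 == "PID" { next }            # skip the ps header line
    {
        exe = $3
        n = split(exe, parts, "/")
        name = parts[n]                        # basename of the executable
        if (name !~ /^(apache|apache2|httpd)$/) next
        reason = ""
        if (exe != bin) reason = reason " binary=" exe
        for (i = 4; i <= NF; i++) {
            # -f names an alternate config file, -d an alternate ServerRoot
            if ($i == "-f" && i < NF && $(i + 1) != conf)
                reason = reason " config=" $(i + 1)
            if ($i == "-d" && i < NF)
                reason = reason " serverroot=" $(i + 1)
        }
        if (reason != "") print $1 reason
    }'
}

# Constructed sample input, so the example runs without a live system.
sample_ps() {
cat <<'EOF'
  PID USER     COMMAND
  412 root     /usr/sbin/apache
  415 www-data /usr/sbin/apache
 9031 root     /var/tmp/a/httpd -f /var/tmp/a/conf/httpd.conf
 9107 nobody   /usr/sbin/apache -d /dev/shm/www
  520 root     /usr/sbin/sshd
EOF
}

sample_ps | flag_rogue_httpd
```

On a live host, feed it `ps -eo pid,user,args` instead of `sample_ps`. A rootkit can hide processes from `ps`, so an empty result does not clear the box; the network monitoring the reply recommends still applies.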