[users@httpd] Defaced Website : Few forensic tips and help

2022-07-04 Thread KK CHN
List,

https://pastebin.com/YspPiWif

One of our PHP websites was hacked on 3rd July 2022. I am attaching the httpd
access file contents in the above pastebin. I hid the original URL of
the website due to an SLA policy.

Can anybody point out from the logs what exactly made the attacker able to
bring the site down?

Has he used this PHP site for attacking?

If any other logs or command line outputs are needed, let me know. I will share
the required files. I am new to this area of forensic analysis to find
out the root cause of the attack.

Kindly share some tips to find out where the vulnerability is and how to
prevent it in future.

If any more inputs/details are required, keep me informed; I can share those too.

Regards,
Krish


Re: [users@httpd] Re: ETAG and Vary with reverse proxy and xsendfile

2022-07-04 Thread Eric Covener
> (I'm still unsure if sending valid ETags is sufficient to make
> If-None-Match work, i.e. whether the checking for that is up or
> downstream of where mod_xsendfile sits - any comments anyone?)

Yes, this is the part that's relevant:
https://github.com/nmaier/mod_xsendfile/blob/master/mod_xsendfile.c#L558
If there was a valid ETAG at this point, it would trigger the
conditional request handling.  It looks like preceding this line the
module is trying to get the core to set the same ETAG it would have
set if serving the static file directly.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] How to sign up using Apache

2022-07-04 Thread Ahmad Ismail
Wow! Great solution. So we have to use htdbm. Is this the standard way of
doing it or are there other alternatives?

On Sun, Jul 3, 2022 at 9:08 PM Simon Harrison  wrote:

> On Sun, 3 Jul 2022 20:26:45 +0600
> Ahmad Ismail  wrote:
>
> > Who writes to dbm password files? I mean how are new users registered?
> >
> > If apache authenticates using `mod_auth_basic` or `mod_auth_digest`
> > then someone must put the users with their credentials there.
> >
> > Best regards,
> > Ahmmad Ismail
> >
>
> I setup users over SSH with Python:
>
> import subprocess
>
> # ssh joins these arguments into one command line for the remote shell
> subprocess.run(['ssh', 'm...@server.tld',
>                 'htdbm -bt /usr/local/apache2/var/users.dbm',
>                 email, pword, '{},'.format(alias)])
>
> Works really well. You will need to make yourself the owner of the dbm
> file and www-data as the group.
>
> Simon
>
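
Added example, not part of the original thread and not Simon's code: a hardened form of the quoted ssh/htdbm call for the case where email, alias or password come from a sign-up form. It quotes each value for the remote shell and passes the password on stdin with htdbm's -i option instead of -b; the helper names, `ssh_target` and the sample input are assumptions constructed for illustration.

```python
import shlex
import subprocess

DBM_FILE = "/usr/local/apache2/var/users.dbm"  # path used in the post above


def build_remote_command(email, alias):
    """Return the one string that the server's login shell will parse.

    ssh joins its trailing arguments with spaces, so every value is quoted
    here. -i makes htdbm read the password from stdin instead of argv, and
    -t stores the last parameter as the comment, as in the original call.
    """
    if not email:
        raise ValueError("empty user name")
    parts = ["htdbm", "-it", DBM_FILE, email, "{},".format(alias)]
    return " ".join(shlex.quote(p) for p in parts)


def add_user(ssh_target, email, pword, alias):
    """ssh_target is a hypothetical 'user@host' value supplied by the caller."""
    if "\n" in pword or "\r" in pword:
        raise ValueError("password must be a single line")
    return subprocess.run(["ssh", ssh_target, build_remote_command(email, alias)],
                          input=pword + "\n", text=True, check=True)


def shell_words(command):
    """Approximate POSIX shell tokenizing, keeping ';' as an operator."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


# Constructed sign-up input containing shell metacharacters.
SAMPLE_EMAIL = "x@example.org; id #"


def compare(email=SAMPLE_EMAIL, alias="bob"):
    """Return (tokens when unquoted, tokens when quoted) for one input."""
    unquoted = " ".join(["htdbm", "-it", DBM_FILE, email, "{},".format(alias)])
    return shell_words(unquoted), shell_words(build_remote_command(email, alias))


if __name__ == "__main__":
    for label, words in zip(("unquoted", "quoted"), compare()):
        print(label, words)
```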


[users@httpd] Re: ETAG and Vary with reverse proxy and xsendfile

2022-07-04 Thread Phil Endecott

Yesterday I asked:

2. mod_xsendfile (see https://github.com/nmaier/mod_xsendfile)
sends the specified file to the client.



Currently, all responses seem to have ETAG: "0". I'd like
the ETAG to be based in the normal way on the attributes
of the file that mod_xsendfile actually sends.



I believe I've found a bug in mod_xsendfile that explains this.

This module doesn't seem to have had much attention from its author
for a number of years, yet it does provide a useful feature (which
some other servers have built-in). Has Apache ever considered
adopting this module, or otherwise adding this functionality?

(I'm still unsure if sending valid ETags is sufficient to make
If-None-Match work, i.e. whether the checking for that is up or
downstream of where mod_xsendfile sits - any comments anyone?)


Regards, Phil.




