As per the original article from Scott Helme that you intially referred to, you
will need to generate a random string yourself.
Something like this might help you in the right direction -
https://gist.github.com/earthgecko/3089509
From: Luis Speciale
Reply:
01:03:45 GMT
ETag: "1748-54f0ced6b7e40"
Accept-Ranges: bytes
Content-Length: 5960
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
On Sat, Jul 8, 2017 at 9:44 AM, Mitchell Krog Photography
<mitchellk...@gmail.com> wrote:
I agree use this tool - http://w
I agree use this tool - http://www.redirect-checker.org/index.php
It’s one of the best and doesn’t cache anything so any updates you make when
working with redirects are picked up instantly.
Kind Regards
Mitchell
From: Nick Kew
Reply: users@httpd.apache.org
(.*) https://def.com%{REQUEST_URI} [END,QSA,R=permanent]
Kind Regards
Mitchell Krog
**
Visit me at https://mitchellkrog.com
**
From: Blake McBride <blake1...@gmail.com>
Reply: users@httpd.apac
Yes as it addresses a number of vulnerabilities discovered. Check mailing
list for CVE messages sent earlier today.
Kind Regards
Mitchell Krog
**
Visit me at https://mitchellkrog.com
**
License My
Ugh the things we
have to do to survive in this game!! LOL.
On 18/04/17 12:59, Mitchell Krog Photography wrote:
My experience with upgrading from 14.04 to 16.04 is apache does not upgrade
well at all, had it happen on several servers already in the past.
I would suggest backup your entire etc/apache2
My experience with upgrading from 14.04 to 16.04 is apache does not upgrade
well at all, had it happen on several servers already in the past.
I would suggest backup your entire etc/apache2 folder or rename it
/etc/apache_backup/
Then uninstall apache and purge it, uninstall PHP and purge it and
+1 php-fpm
From: Lester Caine
Reply: users@httpd.apache.org
Date: 30 March 2017 at 11:14:57 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd]
Brilliant, so glad you got it sorted :)
Cheers
Mitch
From: John Iliffe
Reply: users@httpd.apache.org
Date: 28 March 2017 at 6:08:33 PM
To: users@httpd.apache.org
What does
sudo systemctl edit --full httpd
show you ???
From: John Iliffe
Reply: users@httpd.apache.org
Date: 28 March 2017 at 4:35:52 PM
To: users@httpd.apache.org
Actually to clarify point 3. That error I stated was due to something else.
However I tested the following config and the first virtualhost completely
over-rides the second one due to the wildcard.
ServerAdmin webmaster@centos.local
DocumentRoot /var/www/html/centos
ServerName
1. I have always stuck to one ServerAlias line but for fun I tested this
config this morning and it works just fine
ServerName centos.local
ServerAlias centos2.local centos3.local
ServerAlias centos4.local
ServerAlias centos5.local centos6.local centos7.local
2. Not that I am
I’ve tested on CentOS 6.8, Apache 2.2.15
Both
*ServerTokens PROD*
*ServerSignature Off*
Work perfectly and do not affect the starting of the server.
Secondly have you actually ever run a configtest?
*apachectl configtest*
If you copy and paste the the ServerTokens and ServerSignature lines
Sorry typo …. /etc/apache2/conf-available/security.conf
From: Chunduru, Krishnachaithanya
Reply: users@httpd.apache.org
Date: 14 March 2017 at 1:56:04 PM
yeh...@ymkatz.net> <yeh...@ymkatz.net>
Reply: Yehuda Katz <yeh...@ymkatz.net> <yeh...@ymkatz.net>
Date: 14 March 2017 at 3:58:48 PM
To: users@httpd.apache.org <users@httpd.apache.org> <users@httpd.apache.org>
Cc: Mitchell Krog Photography <mitchellk...@gmail.com>
<
Not sure what version of apache you are using but in versions 2.4.x the
modification is done in /etc/conf-available/security.conf and not in the
http.conf or apache2.conf file.
From: Chunduru, Krishnachaithanya
That’s because you have generated your own certificates, they are not
trusted by any browser.
Get yourself a fully trusted free SSL certificate using the Certbot client
from Let’s Encrypt.
https://letsencrypt.org / https://community.letsencrypt.org
From: Rodrigo Cunha
Line 219 of your .conf file reads "IncludeOptional sites-enabled/*.conf”
that’s where it starts loading the sites you have configured and that’s
where it is failing. So start looking for errors on line 32 on one of your
enabled-sites conf files and not for an error in your apache2.conf which
Your SSL config for Apache 2.4.10 should be as follows
...
SSLEngine on
SSLCertificateFile
/path/to/signed_certificate_followed_by_intermediate_certs
SSLCertificateKeyFile /path/to/private/key
# Uncomment the following directive when using client certificate
authentication
I see these type of attack strings all the time on Nginx except Nginx gives
a 403. Apache is notoriously bad with security and giving 200 ok responses
makes you yourself. A reason I and many other people have switched.
User support on this list was also non existent when I ran into serious
Thanks Spork for the detailed reply you got from Berkeley, I got a similar one,
though not quite as detailed. I think the problem with Apache is that it is
simply an index.html sending a 200 “OK” and not actually replying to say yes I
am infected with whatever it is they are looking for. At the
ttpd.apache.org>, tawaso...@gmail.com
<tawaso...@gmail.com>
Subject: RE: [users@httpd] Unknown accepted traffic to my site
From the looks of it I would say it is targeting servers running SSL. Are you
serving up HTTP or HTTPS ?
From: Mitchell Krog Photography
Sent: Wednesday, Oct
It’s some kind of buffer overflow attempt. I’ve been seeing this in logs for
months. It started a few months back with the Berkeley University Scanner who
are researching by sending out a string like that and then seeing what response
they get. It’s to check for some kind of exploit. Their IP
Hi all
I am hoping someone can please give me a more concise description of
what the socache_shmcb module is and what it actually does. The
documentation at
https://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.html is very
vague and in 2 years has not changed. Google searches do not
24 matches
Mail list logo