On Mon, 6 Jun 2005, Eben Goodman wrote:
find / -user apache -print
-Dan
I actually know which user it got through on, it came in through an insecure
php nuke application. I have since removed the nuke app, but the damage
appears to be done, since this eggdrop crap is still running on the server.
Is there a way to find, and remove the software once it has found its way
on?
thanks,
Eben
Dan Mahoney, System Admin wrote:
On Mon, 6 Jun 2005, Eben Goodman wrote:
If you're doing multi-hosting, look into suexec. The fact that it runs
CGIs as the user is kinda secondary to the fact that it shows you WHICH
user uploaded the insecure script.
For PHP scripts, I've had good luck running suPHP (which is not an official
Apache project, but something similar really should be).
-Dan
I recently had an IRC exploit on my server running this eggdrop relay
thing via apache. I was able to find the offending files and remove them
and the eggdrop processes went away for a while, but now they are back and
try as I might I can't find any files that correspond to this software.
When viewing top it shows the eggdrop processes running as apache. If I
don't reboot the server for a couple days the eggdrop apache processes
start sucking up all CPU and gobbling bandwidth.
Has anyone else dealt with this?
thanks,
Eben
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Amerikanskaya firma Transceptor Technology pristupila k poizvodstu
komputerov "Personal'ni Sputnik"
--Snap, "The Power"
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
--
"I hate Windows"
-Tigerwolf, Anthrocon 2004
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
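
Added example (not part of the thread, and not code from any poster): the thread describes processes that top shows running as apache while no matching files can be found. The sketch below maps each process owned by that account to its executable and working directory, which complements the find command above. It assumes a Linux host with procfs; the httpd path and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: triage processes owned by the web-server account.
# Assumptions (not from the thread): Linux procfs layout, and that the
# legitimate server binary lives at the path passed as HTTPD_PATH.

# list_user_procs UID [PROC_ROOT]
# Prints "PID<TAB>EXE<TAB>CWD" for every process whose real UID is UID.
# A binary that was unlinked after start shows up as "<path> (deleted)",
# which is why a file search alone can come back empty.
list_user_procs() {
    uid=$1
    root=${2:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/status" ] || continue
        # Second field of the Uid: line is the real UID.
        puid=$(awk '/^Uid:/ {print $2; exit}' "$d/status")
        [ "$puid" = "$uid" ] || continue
        exe=$(readlink "$d/exe" 2>/dev/null || echo '?')
        cwd=$(readlink "$d/cwd" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "${d##*/}" "$exe" "$cwd"
    done
}

# suspicious_procs UID HTTPD_PATH [PROC_ROOT]
# Keeps only rows whose executable is not exactly the expected httpd
# binary. Deleted binaries never match, so they are always reported.
suspicious_procs() {
    list_user_procs "$1" "$3" | awk -F'\t' -v ok="$2" '$2 != ok'
}

# Usage on a live host (as root, so every /proc entry is readable):
#   suspicious_procs "$(id -u apache)" /usr/sbin/httpd
```

The CWD column shows the directory each reported process was started from, which is a starting point for locating dropped files and whatever keeps relaunching them.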