> Date: Fri, 13 Jan 2012 15:32:55 -0500
> To: users@httpd.apache.org
> From: storm...@stormy.ca
> Subject: Re: [users@httpd] attack on apache - solved -
>
> At 04:48 PM 1/13/2012 -0300, you wrote:
> >Thanks a lot to everyone who help me to solve the problem.
> >I had installed phpmyadmin and they used it to attack my server.
> >I found this in /var/log/httpd/access_log
>
> Was your compile of apache2 "prefork" or "worker"? And could you be a
> little more explicit with what you found in your logs (without compromising
> security?)
>
> I'm interested because I have a "worker" compile of 2.2.17 that I will
> shortly be changing either to FastCGI or prefork, because of php that
> requires libapache2-mod-php5, which in turn depends on apache2-mpm-prefork
> (> 2.0.52) and apache2-mpm-itk.
>
> tnx - paul
>
>
My apache is compiled with prefork.
My phpmyadmin must be used only from my internal network with user and passwd
(I thought this ). When I was looking at my access_log I saw that it was being
used from and external ip.
The messages in my logfile is:
xx.xxx.xx.xx "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 14049 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
xx.xxx.xxx.xx "POST /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 -
"http://xxx.xx.xx.xx/admin/phpmyadmin/scripts/setup.php\r"; "Mozilla/4.0
(compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
Now I just remove some permissions until I find a real solution . I am using
Centos 5.7.
Cheers
Luisa
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> " from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
