Was the index.html file modified in any way? Did it call the executable? Any rewrites or any other files added to the path where index.html resided?
Sent from my iPhone

> On Jan 4, 2016, at 8:21 PM, Michael D. Berger <[email protected]> wrote:
>
> It was not overwritten. If you looked on the server, it was just fine.
> But an executable was delivered instead. In any case, it is gone
> with the wind -- DBAN is now running on the server. Hopefully,
> the reinstallation will work better.
>
> Mike.
>
> --
> Michael D. Berger
> [email protected]
> http://www.rosemike.net/
>
> From: Dino B. [mailto:[email protected]]
> Sent: Monday, January 04, 2016 19:36
> To: [email protected]
> Subject: RE: [users@httpd] Possible virus via httpd server
>
> Hmmm, index.html is just default page??? Strange that it got
> overwritten by some executable
>
> --
> Dino Buljubasic
> Cell 604 441 3560
>
> Please pardon my brevity - sent from my mobile device. Please excuse any
> typos.
>
>> On Jan 4, 2016 12:38, "Michael D. Berger" <[email protected]> wrote:
>> Following your suggestion, I made use of my daily backups to install
>> the httpd.conf from two days ago, when all was well. The problem was
>> the same. I tried submitting a file to sophos, but I would have to
>> join, and I am not ready for that. See also my next email.
>>
>> Still heading toward DBAN.
>>
>> Thanks,
>> Mike.
>>
>> --
>> Michael D. Berger
>> [email protected]
>> http://www.rosemike.net/
>>
>> > -----Original Message-----
>> > From: Keith Roberts [mailto:[email protected]]
>> > Sent: Monday, January 04, 2016 11:25
>> > To: [email protected]
>> > Subject: Re: [users@httpd] Possible virus via httpd server
>> >
>> > Hi Mike.
>> >
>> > You might like to send this to sophos for analysis:
>> >
>> > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
>> >
>> > As index.html is the default page if nothing else is
>> > configured, has your httpd.conf file been modified to serve
>> > this binary file instead of index.html?
>> >
>> > HTH,
>> >
>> > Keith Roberts
>> >
>> > On 4 Jan 2016, at 16:18, Michael D. Berger
>> > <[email protected]> wrote:
>> >
>> > > Warning: This message contains unverified links which may
>> > > not be safe. You should only click links if you are sure
>> > > they are from a trusted source.
>> > > Examining with Lemmy (A Windows version of VI), it looks
>> > > like a binary file.
>> > > Size is 181.4 KB.
>> > > I am considering my favorite virus remover: DBAN, but it would take
>> > > several days work to recover from that.
>> > >
>> > > Mike.
>> > > --
>> > > Michael D. Berger
>> > > [email protected]
>> > > http://www.rosemike.net/
>> > >
>> > >> -----Original Message-----
>> > >> From: Daniel Beardsmore [mailto:[email protected]]
>> > >> Sent: Monday, January 04, 2016 05:03
>> > >> To: [email protected]
>> > >> Subject: RE: [users@httpd] Possible virus via httpd server
>> > >>
>> > >> Well, what do you see if you examine the file in a text editor?
>> > >>
>> > >>> -----Original Message-----
>> > >>> From: Michael D. Berger [mailto:[email protected]]
>> > >>> Sent: 04 January 2016 05:03
>> > >>> To: Apache-Users
>> > >>> Subject: [users@httpd] Possible virus via httpd server
>> > >>>
>> > >>> Using my WinXP Firefox client to access my previously working httpd
>> > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my
>> > >>> index.html . Do you think I have a virus on my Linux box? I did
>> > >>> notice that my iptables is not as tight as it should be.
>> > >>>
>> > >>> --
>> > >>> Michael D. Berger
>> > >>> [email protected]
>> > >>> http://www.rosemike.net/
>> > >>>
>> > >>> ---------------------------------------------------------------------
>> > >>> To unsubscribe, e-mail: [email protected]
>> > >>> For additional commands, e-mail: [email protected]
