
View Full Version : Apache Exploit



BlueAdept
07-13-2002, 12:31 PM
FYI if anyone is running the apache web server, there is a REMOTE ROOT exploit. It has been known for about a week or 2 but I'm finally starting to see people trying it on my server.

I strongly suggest that everyone gets the updates from apache or from the distro site of your Linux.

lil_zaphod
07-29-2002, 01:58 PM
I was dorking around with our app server software that hooks into apache as well as leaving my box outside the firewall for FTP access. The next day I tried to log in, root had a new password.

Bah, can't you evil hackers leave newbs alone? :(

Actually, thanks to SEQ opening the door, I have learned a lot about linux, samba, apache, wu-ftp, rpm, ssh, etc.

Thanks so much for working on a great product, for free, and for very little thanks.

Me.

Cryonic
07-29-2002, 04:25 PM
You sure they didn't exploit wu-ftp? That daemon is nothing but one big security hole (as are most other ftp daemons). Use SSH and SFTP for file transfers. Much safer as it encrypts the information (username, password and data).

lil_zaphod
07-29-2002, 04:30 PM
But I wasn't set up for Anonymous FTP, so I "thought" I was ok...

Live and learn, live and learn.

My co-worker didn't know how to use ssh, and I didn't feel like teaching her over the phone. I won't make that mistake again...

Maybe I'll stick it out there again, just so I have an excuse to wipe the system again, and this time use Gentoo. Maybe I just like pain.

Cryonic
07-29-2002, 05:00 PM
Using SSH is no harder than FTP or telnet, just encrypts the stuff. Otherwise behaves the same for me.

BlueAdept
07-30-2002, 10:50 AM
Originally posted by lil_zaphod
But I wasn't set up for Anonymous FTP, so I "thought" I was ok...

Live and learn, live and learn.

My co-worker didn't know how to use ssh, and I didn't feel like teaching her over the phone. I won't make that mistake again...

Maybe I'll stick it out there again, just so I have an excuse to wipe the system again, and this time use Gentoo. Maybe I just like pain.

You should set up a firewall. Gshield is a fairly good and easy to set up firewall (do an Inet search for it). After you have a reliable firewall, only let in the IP addresses that you trust (i.e. work or friends). If they have dynamic IPs then have them start keeping track of their IP addresses and add their ranges into the firewall. I would not open my firewall to AOL though. You're asking for trouble.

You should also view your logs on a daily basis. They are in /var/log. The ones you should be most interested in are the messages file, secure file, access_log file (in /var/log/httpd), and error_log (also in /var/log/httpd).

Do your updates (type up2date (in /usr/sbin) on a command prompt). It will update your system and fix any known problems. I usually do it every 2 weeks.

If you really get adventurous, get and set up snort and guardian. It will help secure your system even more.

Hope that helps.
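
Added example, not part of the original post: one way to do the daily review of /var/log/secure and /var/log/httpd/access_log described above, flagging only sources outside a trusted-address allow-list. The addresses, the sample log lines and the names `is_trusted` and `review` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
# Constructed allow-list (documentation ranges) standing in for "work or friends".
TRUSTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.17/32")]

# Constructed samples shaped like OpenSSH and Apache common-log entries.
SECURE_LOG = """\
Jul 29 03:12:01 box sshd[812]: Failed password for root from 203.0.113.9 port 4021 ssh2
Jul 29 03:12:04 box sshd[812]: Failed password for root from 203.0.113.9 port 4022 ssh2
Jul 29 09:30:11 box sshd[901]: Accepted password for chad from 192.0.2.44 port 1188 ssh2
Jul 29 09:41:50 box sshd[915]: Accepted password for root from 203.0.113.9 port 4090 ssh2
"""
ACCESS_LOG = """\
192.0.2.44 - - [29/Jul/2002:09:31:02 -0400] "GET /index.html HTTP/1.0" 200 1043
203.0.113.77 - - [29/Jul/2002:04:02:13 -0400] "POST /x HTTP/1.1" 400 339
203.0.113.77 - - [29/Jul/2002:04:02:14 -0400] "GET /admin HTTP/1.1" 404 287
"""
AUTH_RE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
HTTP_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def is_trusted(ip):
    # True only when ip parses and falls inside an allow-listed network.
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED)

def review(secure_text, access_text):
    # Summarise activity that came from addresses outside the allow-list.
    failed, http_errors, logins = Counter(), Counter(), []
    for line in secure_text.splitlines():
        m = AUTH_RE.search(line)
        if m and not is_trusted(m.group(3)):
            if m.group(1) == "Failed":
                failed[m.group(3)] += 1
            else:  # a successful login from an unlisted address
                logins.append((m.group(2), m.group(3)))
    for line in access_text.splitlines():
        m = HTTP_RE.match(line)
        if m and m.group(2)[0] in "45" and not is_trusted(m.group(1)):
            http_errors[m.group(1)] += 1
    return {"failed_logins": dict(failed), "untrusted_logins": logins,
            "http_errors": dict(http_errors)}

if __name__ == "__main__":
    print(review(SECURE_LOG, ACCESS_LOG))
```

An accepted login from an address that is not on the allow-list is the entry to look at first; on a real system, pass the contents of the two log files instead of the sample strings.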

lil_zaphod
07-30-2002, 11:07 AM
I have a hardware based firewall that does a good job of keeping cretins out of my systems.

The problem was when I threw the linux box outside the DMZ.

My thought process was this.... "hurm.. take time to mess with the settings... nah, I'll just make a switch in the web gui and throw the box in the DMZ in 20 secs. done. Back to real work..."

I think my next response to a co-worker's request like that is "download a copy of kazaa lite and find it yourself". Save me from the trouble..:)

Thanks for taking the time to point out ways to improve my systems though.

Chad