Security Basics mailing list archives
Apache attacks
From: Kenny <kenny () codez co uk>
Date: Wed, 26 Jan 2005 20:56:52 +0000
Hi List, Long time reader, first time poster...My server crashed yesturday and I had to restart it, to get it going again. Now everything seems ok, however looking at my /var/log/httpd/access_log.1 shows a visitor to the website posting some big chunks of exploit code (containing a massive nop sled).
How do I know if this attacker actually got in or not?This is a redhat fedora core 2 box, and I would describe myself as an "intermediate" linux user.
Also, has anyone got any scripts that can detect attacks against apache and ban the ip for a period of time?
I will post the exploit on request. Thanks, Kenny
Current thread:
- Apache attacks Kenny (Jan 27)
- Re: Apache attacks Bernie Johnson (Jan 27)
- Re: Apache attacks Micheal Cottingham (Jan 28)
- Re: Apache attacks bernie (Jan 28)
- Re: Apache attacks KillKenny (Jan 28)
- Re: Apache attacks Dan Margolis (Jan 28)
- Re: Apache attacks Ty Bodell (Jan 31)
- <Possible follow-ups>
- Re: Apache attacks miguel . dilaj (Jan 31)
- Re: Apache attacks Bernie Johnson (Jan 27)