Security Basics mailing list archives
Re: Apache attacks
From: "KillKenny" <killkenny () fibertel com ar>
Date: Thu, 27 Jan 2005 21:01:26 -0300
Hi Kenny .. Do you try whit any rootkit hunter to know if your machine is trojanized or owned? Good Luck! Killkenny ----- Original Message ----- From: "Kenny" <kenny () codez co uk> To: <security-basics () securityfocus com> Sent: Wednesday, January 26, 2005 5:56 PM Subject: Apache attacks
Hi List, Long time reader, first time poster... My server crashed yesturday and I had to restart it, to get it going again. Now everything seems ok, however looking at my /var/log/httpd/access_log.1 shows a visitor to the website posting some big chunks of exploit code (containing a massive nop sled). How do I know if this attacker actually got in or not? This is a redhat fedora core 2 box, and I would describe myself as an "intermediate" linux user. Also, has anyone got any scripts that can detect attacks against apache and ban the ip for a period of time? I will post the exploit on request. Thanks, Kenny
Current thread:
- Apache attacks Kenny (Jan 27)
- Re: Apache attacks Bernie Johnson (Jan 27)
- Re: Apache attacks Micheal Cottingham (Jan 28)
- Re: Apache attacks bernie (Jan 28)
- Re: Apache attacks KillKenny (Jan 28)
- Re: Apache attacks Dan Margolis (Jan 28)
- Re: Apache attacks Ty Bodell (Jan 31)
- <Possible follow-ups>
- Re: Apache attacks miguel . dilaj (Jan 31)
- Re: Apache attacks Bernie Johnson (Jan 27)