[CentOS] Apache Security
Mike Kercher
mike at vesol.com
Thu Jun 22 17:16:11 UTC 2006
centos-bounces at centos.org <> scribbled on Thursday, June 22, 2006 11:53 AM:
> Hello, I have a server running CentOS 4.3 with all the latest
> updates.
> The server in question has been hacked by spammers a few
> times. The details of the hack have been basically the same
> every time. I find some directory created by the apache user
> account in /tmp. The new directory contains an html file,
> and a list of email addresses to spam and a perl script that
> spams all those email addresses with the html file.
>
> My question is why is this happening? Obviously it's some
> apache exploit. I have removed mod_perl, that didn't help.
> I have now changed the permissions on the perl executable,
> that might help we will see, but that doesn't address the
> core problem. How is it that someone can upload arbitrary
> files to my server and then execute an arbitrary command via apache.
>
> Is this a known problem? Have others seen it? What can I do
> to help prevent this?
>
> Thanks,
>
> Matt
Here's what I do on my servers to secure /tmp:
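# Create a 512 MB file to back the new /tmp and format it as ext3
dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=524288
mke2fs -j /usr/tmpDSK
# Stop MySQL while /tmp is being replaced
/etc/init.d/mysql* stop
# Move the current contents of /tmp aside
mkdir /tmp_backup
cd /tmp
mv * /tmp_backup
mv .* /tmp_backup
# Loop-mount the file on /tmp with noexec, nosuid and nodev at every boot
echo "/usr/tmpDSK /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab
# Recreate the mount point, mount it and restore the sticky, world-writable mode
cd /tmp_backup
rm -rf /tmp
mkdir /tmp
mount /usr/tmpDSK
chmod 1777 /tmp
# Put the saved contents back, clean up and restart MySQL
mv * /tmp
mv .* /tmp
cd /tmp
rm -rf /tmp_backup
/etc/init.d/mysql* start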
Mike
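
A check for the mount options set by the procedure above, as an added example that is not part of the original post: it reads a table in fstab or /proc/mounts layout and reports which of noexec, nosuid and nodev a mount point lacks. The function names and the root entry in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that a mount point carries noexec, nosuid and nodev.
# Reads a table in fstab or /proc/mounts layout on stdin
# (fields: device, mount point, fs type, comma-separated options, ...).

REQUIRED_OPTS="noexec nosuid nodev"

# missing_opts MOUNTPOINT (hypothetical helper)
# Prints "ok", "not-mounted", or the space-separated options that are missing.
missing_opts() {
    # Skip comment lines; the last matching entry wins, because a later
    # mount on the same path shadows an earlier one.
    opts=$(awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 0
    fi
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;                 # option present
            *) missing="$missing $want" ;;  # option absent
        esac
    done
    if [ -z "$missing" ]; then echo "ok"; else echo "${missing# }"; fi
}

# Constructed sample: the fstab entry from the post, after a made-up root entry.
sample_fstab() {
    cat <<'EOF'
/dev/sda1 / ext3 defaults 1 1
/usr/tmpDSK /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0
EOF
}

echo "sample fstab /tmp: $(sample_fstab | missing_opts /tmp)"
# On a live host: missing_opts /tmp < /proc/mounts
```

noexec blocks direct execution of files stored on /tmp; a script handed to an interpreter as an argument (for example perl /tmp/x.pl) is still read and run, so the option limits this kind of abuse rather than closing the hole used to write the files.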