[CentOS] Apache Security
Nicolas Ross
rossnick-lists at cybercat.ca
Thu Jun 22 17:16:53 UTC 2006
> Hello, I have a server running CentOS 4.3 with all the latest updates. The
> server in question has been hacked by spammers a few times. The details
> of the hack have been basically the same every time. I find some
> directory created by the apache user account in /tmp. The new directory
> contains an html file, and a list of email addresses to spam and a perl
> script that spams all those email addresses with the html file.
>
> My question is why is this happening? Obviously it's some apache exploit.
> I have removed mod_perl, that didn't help. I have now changed the
> permissions on the perl executable, that might help we will see, but that
> doesn't address the core problem. How is it that someone can upload
> arbitrary files to my server and then execute an arbitrary command via
> apache.
>
> Is this a known problem? Have others seen it? What can I do to help
> prevent this?
I've also been hacked a couple of times with this sort of exploit. In my
case, it was an exploit in awstats, a weblog analyser. If you have it, I
strongly suggest you get up to the latest version...
Also, if you have php scripts installed, they are a frequent source of
security holes.
Nicolas