[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
bedouglas at earthlink.net
Wed Jun 3 05:18:03 UTC 2009
you and i agree on him figuring out what web apps are causing the issues..
or in fact, exactly what the 'atack' process is? i didn't see the initial
threads.. was this something that he discussed? did he say what the atack
process was doing?
my only point, was that reinstalling without understanding what was/is going
on is a draconian step.. does it resolve the issue.. sure.. does it get to
what might have been the cause.. not in my opinion...
but hey.. there are different ways of approaching a problem...
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On
Behalf Of John R. Dennison
Sent: Tuesday, June 02, 2009 10:10 PM
To: CentOS mailing list
Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
On Tue, Jun 02, 2009 at 09:48:41PM -0700, bruce wrote:
> not kidding... the majority of windows based attacks on an apache system
> running on linux systems are obnoxious, but not harmful... the kinds of
> attacks that are looking to exploit windows buffer overflows are harmless
> to linux systems..
> this isn't to say that all windows attacks are harmless, but this has been
> my experience, as well as what i've seen in the lit.
> if you have other information regarding windows attacks on webservers, that
> also impact linux boxes, please share the relevant websites, describing
> attack vectors.. i'd be interested in checking out the articles as would
Not to be rude but what are you rambling on about?
He's running an apache instance on cent5. He has processes he
can not readily identify running under apache named "atack";
where does "windows" come into the equation? What the processes
are specifically doing is secondary to the problem at hand,
which is that the processes exist in the first place.
Please, enlighten me as to how you can think that his box has
not been compromised. Please, enlighten me as to how he (or
you) can gauge the extent of the compromise (assuming no HIDS
in use on the server).
I stand by my previous advice - the box is compromised, can not
be trusted, and as a responsible admin he should be working on
re-installing it, evaluating what web-apps he had running that
led to this in the first place and taking the appropriate steps
to ensure it does not happen again.
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked
to be put through to an engineer.
"My other computer is your windows box."
<sxem> trying to play sturgeon while it's under attack is apparently not