[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 05:09:37 UTC 2009
John R. Dennison <jrd at gerdesas.com>

On Tue, Jun 02, 2009 at 09:48:41PM -0700, bruce wrote:
> 
> not kidding... the majority of windows based attacks on an apache system
> running on linux systems are obnoxious, but not harmful... the kinds of
> attacks that are looking to exploit windows buffer overflows are harmless to
> linux systems..
> 
> this isn't to say that all windows attacks are harmless, but this has been
> my experience, as well as what i've seen in the lit.
> 
> if you have other information regarding windows attacks on webservers, that
> also impact linux boxes, please share the relevant websites, describing the
> attack vectors.. i'd be interested in checking out the articles as would
> others...

	Not to be rude but what are you rambling on about?

	He's running an apache instance on cent5.  He has processes he
	can not readily identify running under apache named "atack";
	where does "windows" come into the equation?  What the processes
	are specifically doing is secondary to the problem at hand,
	which is that the processes exist in the first place.

	Please, enlighten me as to how you can think that his box has
	not been compromised.  Please, enlighten me as to how he (or
	you) can gauge the extent of the compromise (assuming no HIDS
	in use on the server).

	I stand by my previous advice - the box is compromised, can not
	be trusted, and as a responsible admin he should be working on
	re-installing it, evaluating what web-apps he had running that
	led to this in the first place and taking the appropriate steps
	to ensure it does not happen again.





							John

-- 
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
                                     Ralf Hildebrandt
<sxem> trying to play sturgeon while it's under attack is apparently not fun.