hello all.

what exactly has to be done to secure apache ssl on a 8.1 ?

my config
apache 1.3.26 mod_php 4.2.2
openssl 0.9.6g

it seems as if some guys are able to drop and execute scripts via apache, and let them execute. the last one executed locally, but got caught by iptables, while trying to open local ports and create connections to a remote host on the following ports :

DPT=4045 DPT=3306 DPT=682 DPT=2620 DPT=662 DPT=277 DPT=400 DPT=1422 DPT=638 DPT=1462 DPT=555 DPT=1377 DPT=386 DPT=2003 DPT=2034 DPT=498 DPT=766 DPT=680 DPT=1532 DPT=1000 DPT=1349 DPT=803 DPT=335 DPT=1234 DPT=1427 DPT=7326 DPT=612 DPT=129 DPT=395 DPT=798

the next run, it used a different local port, and used the ports mentioned above the other way around.

any ideas ??

-----Original Message-----
From: Peter Wiersig [mailto:wiersig-ml@dns.glamus.de]
Sent: Friday, 30 May 2003 12:38
To: suse-security@suse.com
Subject: Re: [suse-security] iptables error

Rodel Collado Urani wrote:
ip_tables.o: init_module: Device or resource busy
Check with "lsmod" if a module named "ipchains" is loaded. If so, unload it with "rmmod ipchains" and try again.

Peter
hello, Gerhard Stegmann wrote:
hello all. what exactly has to be done to secure apache ssl on a 8.1 ?
my config
apache 1.3.26 mod_php 4.2.2
openssl 0.9.6g
it seems as if some guys are able to drop and execute scripts via apache, and let them execute. the last one executed locally, but got caught by iptables, while trying to open local ports and create connections to a remote host on the following ports [port list]
the next run, it used a different local port, and used the ports mentioned above the other way around. any ideas ??
You should stay in touch with online updates of your software. Apache, modssl and php were lately exploitable for remote users (or at least, possible to exploit). The mod_ssl exploit is one of the most used at the moment. So check if your software is up-to-date and if not, use YOU or FOU4S.

If ppl were on your box without your permission (aka crackers/hackers), you need to reinstall that box because nearly all software could be compromised. Use chkrootkit (www.chkrootkit.org) to check for intruders and rootkits on your box.

Regards,
Sven
participants (2)
- Gerhard Stegmann
- Sven 'Darkman' Michels
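Added example, not written by anyone in the thread: the outbound pattern Gerhard describes (one local source port trying many destination ports on a single remote host) can be picked out of iptables LOG lines as follows. The log prefix `FW-DROP:`, the addresses, the threshold `min_ports` and the function names are assumptions; the sample lines are constructed and reuse a few ports from the post.

```python
import re
from collections import defaultdict

# key=value fields written by the iptables LOG target
FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample line; prefix, host name and addresses are assumptions.
TEMPLATE = ("May 30 12:01:07 web kernel: FW-DROP: IN={i} OUT={o} SRC={s} "
            "DST={d} LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
            "SPT={sp} DPT={dp} WINDOW=5840 RES=0x00 SYN URGP=0")


def sample_log():
    """Build constructed log lines: one sweep, one single hit, one inbound."""
    host, remote = "192.0.2.10", "198.51.100.7"
    lines = [TEMPLATE.format(i="", o="eth0", s=host, d=remote, sp=33012, dp=p)
             for p in (4045, 3306, 682, 2620, 662, 277)]
    lines.append(TEMPLATE.format(i="", o="eth0", s=host, d="203.0.113.5",
                                 sp=33020, dp=25))
    lines.append(TEMPLATE.format(i="eth0", o="", s="203.0.113.9", d=host,
                                 sp=40000, dp=443))
    return lines


def parse_line(line):
    """Return the key=value fields of one iptables LOG line as a dict."""
    return dict(FIELD.findall(line))


def outbound_sweeps(lines, min_ports=5):
    """Flag (SRC, DST) pairs where this host tried many distinct DPTs."""
    dports, sports = defaultdict(set), defaultdict(set)
    for line in lines:
        f = parse_line(line)
        # Locally generated traffic has an empty IN= and a non-empty OUT=.
        if f.get("IN") or not f.get("OUT") or "DPT" not in f:
            continue
        key = (f["SRC"], f["DST"])
        dports[key].add(int(f["DPT"]))
        sports[key].add(int(f["SPT"]))
    return {k: {"dports": sorted(v), "sports": sorted(sports[k])}
            for k, v in dports.items() if len(v) >= min_ports}


if __name__ == "__main__":
    for (src, dst), hit in outbound_sweeps(sample_log()).items():
        print(f"{src} -> {dst}: ports {hit['dports']} from {hit['sports']}")
```

A hit from a web server that should never initiate such connections is a reason to treat the box as compromised, in line with Sven's advice above.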