Hi,
if you check the files below, they are owned by the apache user.
My apache is linux:/tmp # rpm -q apache -> apache-1.3.27-82
Anyone know of existing security leaks for this?
apache can be patched and without security holes but what is with other apache modules or scripts?! check this also! the entries in your directory list like "..." and "...." are not normal, chack what is in this directories! (i thik your machine was hacked and you shold disconnect it from network, backup all logs, grep for open connection and processes for research purposes and make a clean install of the system!) chack running process and opened network connections, check for rootkits (also the services that are in LISTEN mode)
Below-> listing of temp files,anyone seens this before?
drwxrwxrwt 25 root root 1640 Jan 31 12:45 . drwxr-xr-x 22 root root 512 Dec 5 14:52 .. drwxr-xr-x 8 wwwrun nogroup 640 Jan 21 10:49 ... drwxr-xr-x 2 wwwrun nogroup 48 Jan 28 15:17 .... -rwxr-xr-x 1 wwwrun nogroup 838 Dec 15 12:49 .rHgmHsb -rw-r--r-- 1 wwwrun nogroup 424644 Oct 15 04:46 ary.tgz.tgz -rwxr-xr-x 1 wwwrun nogroup 19580 Jan 28 15:17 bindtty -rwxr-xr-x 1 wwwrun nogroup 15003 Aug 5 20:17 cbd -rwxr-xr-x 1 wwwrun nogroup 17897 Jan 31 08:26 cgi -rwxrwxrwx 1 wwwrun nogroup 15029 Jan 31 08:42 cgi.1 -rw-r--r-- 1 wwwrun nogroup 11805 Jan 31 08:42 dc -rw------- 1 wwwrun nogroup 8952 Jan 30 10:22 -rwxrwxrwx 1 wwwrun nogroup 170613 Dec 5 06:45 telnetd -rwxrwxrwx 1 wwwrun nogroup 16798 Jan 28 07:51 webphp
best regards, allen