hi. chkrootkit says 'not infected' except for "bindshell", on port 465, where the tls secured smpt-server sits. so i think it just gets the wrong string. is this correct ? you does not give the option to update this apache/ssl/php-versions, so they're up to date???!??!? thx for comments, gerhard -----Ursprüngliche Nachricht----- Von: Sven 'Darkman' Michels [mailto:sven@darkman.de] Gesendet: Freitag, 30. Mai 2003 15:41 An: suse-security@suse.com Betreff: Re: [suse-security] securing apache / SSL hello, Gerhard Stegmann wrote:
hello all. what exactly has to be done to secure apache ssl on a 8.1 ?
my config
apache 1.3.26 mod_php 4.2.2
openssl 0.9.6g
it seems as if some guys are able to drop and execute scripts via apache, and let them execute. the last one executed locally, but got caught by iptables, while trying to open local ports and create a connections to a remote host on the following ports [port list]
the next run, it used a different local port, and used the ports mentioned above the other way around. any ideas ??
You should stay in touch with online updates of your software. Apache, modssl and php where lately exploitable for remote users (or et least, possible to exploit). mod_ssl exploit is one of the most used at the moment. So check if your Software is up-to-date and if not, use YOU or FOU4S. IF ppl where on your box without your permission (aka crackers/hackers), you need to reinstall that box cause nearly all software could be compromised. Use chkrootkit (www.chkrootkit.org) to check for intruders and rootkits on your box. Regards, Sven -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here