Mailinglist Archive: opensuse-security (334 mails)

Re: [suse-security] Apache Gain Remote Shell Access
  • From: Sven 'Darkman' Michels <sven@xxxxxxxxxx>
  • Date: Thu, 04 Sep 2003 00:50:44 +0200
  • Message-id: <3F567044.9030408@xxxxxxxxxx>
Marco Lum wrote:
Please help, I can't find where he can get in~~!

I know several ways to break into such a system:
- installed PHP/Perl/CGI/whatever Script
- known FTP Account (anonymous?!) with access to webdirs
- Apache exploit (e.g. chunked bug)
- SSL Exploit

If your Box is well updated you can drop the last two
possibilities (hopefully the box was ;). The others are
well known flaws and, if you have a hosting box or so, you
can't really control what other users install. Many scripts
(whois etc.) don't really check for input. If it's your
company's webserver you should know what's installed. But
like the others already said: unplug the box. Maybe you've
the chance to check with chkrootkit (www.chkrootkit.org) if
he had more access than the log shows.

HTH and if you've any further questions, drop a line (or two ;)

Sven
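
Added example, not part of the original message: one way to triage an Apache access log for the first entry point listed above (an installed script that does not check its input), by flagging script requests whose decoded parameters contain shell metacharacters. The script paths, parameter names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache common log format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Sep/2003:21:14:02 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [03/Sep/2003:21:14:09 +0200] "GET /cgi-bin/whois.cgi?domain=example.org HTTP/1.0" 200 2210
198.51.100.7 - - [03/Sep/2003:22:01:33 +0200] "GET /cgi-bin/whois.cgi?domain=example.org%3Bid HTTP/1.0" 200 311
198.51.100.7 - - [03/Sep/2003:22:02:10 +0200] "GET /tools/lookup.php?host=a%7Cuname+-a HTTP/1.0" 200 98
203.0.113.5 - - [03/Sep/2003:22:05:41 +0200] "GET /search.php?q=apache+chunked HTTP/1.0" 200 5120
"""

# client, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Only look at requests that reach a script interpreter.
SCRIPT_RE = re.compile(r"/cgi-bin/|\.(php\d?|pl|cgi)$", re.I)
# Characters a shell treats specially, plus path traversal.
META_RE = re.compile(r"[;|`&$<>\n]|\.\./")


def suspicious_requests(log_text):
    """Return {script_path: [(client, timestamp, param, decoded_value), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, when, _method, target, _status = m.groups()
        path, _, query = target.partition("?")
        if not SCRIPT_RE.search(path):
            continue
        # Split on the raw '&' first so a decoded '&' inside a value is still seen.
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            value = unquote_plus(raw)
            if META_RE.search(value):
                hits[path].append((client, when, name, value))
    return dict(hits)


if __name__ == "__main__":
    for path, rows in suspicious_requests(SAMPLE_LOG).items():
        print(path)
        for client, when, name, value in rows:
            print(f"  {when}  {client}  {name}={value!r}")
```

Only the request line is logged, so input sent in a POST body does not appear; a script with no hits here is not thereby cleared.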

