Re: [Nolug] I think my linux server has been infected???

From: Jesse Planck <jesse.planck_at_gmail.com>
Date: Thu, 17 Feb 2005 16:04:09 -0600
Message-ID: <c141e08605021714045e2f991a@mail.gmail.com>

Man that sucks. I did notice that Mepis had awstats 5.6 on the
supplimental CD. Awstats had a very nasty security hole released to
the public in January that didn't get patched until January 28th.

I know this because I got whacked by this one starting on Jan. 25th
thru Jan 28th. I missed the patch announcement because I was too busy
trying to find out how someone compromised my server through the web.
Exceptionally nasty... Attacker only gained access to the web user
account.

http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities

http://www.k-otik.com/exploits/20050124.awexpl.c.php

On Wed, 16 Feb 2005 21:51:36 -0500, David Cox <cdcox@cox.net> wrote:
> Thanks Joey, I will look into it.My site is back up running on my YellowDog Linux. Damn Small Linux seems pretty cool,What do you think about Monkey Webserver??
>
> Still don,t know what happened to my Mepis Linux Server......???
>
> Is anti-virus a must have running Linux ? and also Firewall ( Gaurd Dog )???
>
> I am feeling much better today,that flu is some bad stuff !!
>
> David
>
> On Wed, 16 Feb 2005 21:44:06 -0600
> Joey Kelly <joey@joeykelly.net> wrote:
>
> > On Wednesday February 16 2005 14:57, David Cox spake:
> > > Thanks, thats what I am thinking of doing.Once I have re-installed,I want
> > > to limit access to my website to family members only by supplying username
> > > and password.I dont think that is too hard to do ........may need some help
> > > for that.
> >
> > Probably you'll want to use http authentication, it's listed on the apache
> > website.
> >
> > --
> >
> >
> > Joey Kelly
> > < Minister of the Gospel | Linux Consultant >
> > http://joeykelly.net
> > GPG key fingerprint = 8F11 D859 81A6 DE8C 5429 4A07 7146 1AFD 5C41 161E
> >
> >
> > "I may have invented it, but Bill made it famous."
> > --- David Bradley, the IBM employee that invented CTRL-ALT-DEL
> >
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
>
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/17/05

This archive was generated by hypermail 2.2.0 : 12/19/08 EST