odd behaviour -- possibly security comprimised
John (EBo) David
plug-discuss@lists.PLUG.phoenix.az.us
Sat, 08 Dec 2001 00:49:06 -0700
Kevin Brown wrote:
>
> http://www.backhand.org/mod_backhand/
>
> Looks like you have a load balancing module running for apache. Searching the
> web brought up a number of other hits that contained logs that show that
> mod_backhand does call suEXEC for some reason. If you only have the one
> instance of apache, as opposed to a web farm, you could probably safely turn off
> this module in httpd.conf.
thanks for the suggestions!
Another odd bit...
I wrote a cron script which scimmed the error and access logs every
morning and auto emailed any code red or *.exe attempts which came
within the domain to the appropriate security personel... I just
discovered that my crontab was blown away sometime ago, and it looks
like 11/26 from the lack of tell-tail signs. The logs reveiled some
interesting stuff.
Anyone know of some good sites to read up on Linux/HTTPD vulnerabilities
etc?
Thanks again.
EBo --