odd behaviour -- possibly security comprimised
Kevin Brown
plug-discuss@lists.PLUG.phoenix.az.us
Sat, 08 Dec 2001 01:02:56 -0700
I usually look here for vulnerability notices.
http://www.securityfocus.com/
"John (EBo) David" wrote:
>
> Kevin Brown wrote:
> >
> > http://www.backhand.org/mod_backhand/
> >
> > Looks like you have a load balancing module running for apache. Searching the
> > web brought up a number of other hits that contained logs that show that
> > mod_backhand does call suEXEC for some reason. If you only have the one
> > instance of apache, as opposed to a web farm, you could probably safely turn off
> > this module in httpd.conf.
>
> thanks for the suggestions!
>
> Another odd bit...
>
> I wrote a cron script which scimmed the error and access logs every
> morning and auto emailed any code red or *.exe attempts which came
> within the domain to the appropriate security personel... I just
> discovered that my crontab was blown away sometime ago, and it looks
> like 11/26 from the lack of tell-tail signs. The logs reveiled some
> interesting stuff.
>
> Anyone know of some good sites to read up on Linux/HTTPD vulnerabilities
> etc?
>
> Thanks again.
>
> EBo --
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss