odd behaviour -- possibly security compromised

Kevin Brown plug-discuss@lists.PLUG.phoenix.az.us
Sat, 08 Dec 2001 01:02:56 -0700


I usually look here for vulnerability notices.

http://www.securityfocus.com/

"John (EBo) David" wrote:
> 
> Kevin Brown wrote:
> >
> > http://www.backhand.org/mod_backhand/
> >
> > Looks like you have a load balancing module running for apache.  Searching the
> > web brought up a number of other hits that contained logs that show that
> > mod_backhand does call suEXEC for some reason.  If you only have the one
> > instance of apache, as opposed to a web farm, you could probably safely turn off
> > this module in httpd.conf.
> 
> thanks for the suggestions!
> 
> Another odd bit...
> 
> I wrote a cron script which skimmed the error and access logs every
> morning and auto emailed any Code Red or *.exe attempts which came
> within the domain to the appropriate security personnel...  I just
> discovered that my crontab was blown away sometime ago, and it looks
> like 11/26 from the lack of telltale signs.  The logs revealed some
> interesting stuff.
> 
> Anyone know of some good sites to read up on Linux/HTTPD vulnerabilities
> etc?
> 
> Thanks again.
> 
>   EBo --
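
The daily log skim described in the quoted message, as an added example (not EBo's script or anything posted to the list): it flags Code Red and `*.exe` requests in an Apache access log and always prints a summary line, so a report that stops arriving exposes a deleted crontab right away. The function names, the match patterns and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: skim an Apache access log (Common/Combined Log Format)
# for Code Red and *.exe probes. Patterns below are assumed signatures.

# make_sample_log: constructed sample lines (documentation IP ranges).
make_sample_log() {
cat <<'EOF'
192.0.2.10 - - [26/Nov/2001:03:12:01 -0700] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [26/Nov/2001:03:12:05 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [26/Nov/2001:04:40:11 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [26/Nov/2001:04:40:12 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
203.0.113.5 - - [26/Nov/2001:09:00:00 -0700] "GET /index.html HTTP/1.0" 200 1024
203.0.113.5 - - [26/Nov/2001:09:00:02 -0700] "GET /downloads/readme.exe.txt HTTP/1.0" 200 512
EOF
}

# scan_access_log FILE
# Prints "<client-ip> <kind> <count>" per offender, sorted, then a final
# "summary scanned=<n> hits=<m>" line that appears even when nothing matched.
scan_access_log() {
    awk -F'"' '
    {
        scanned++
        split($1, pre, " "); ip = pre[1]       # client address is the first field
        n = split($2, req, " ")                # request line: METHOD URI PROTOCOL
        if (n < 2) next                        # malformed or empty request line
        uri = tolower(req[2])
        path = uri; sub(/\?.*/, "", path)      # drop the query string
        kind = ""
        if (index(uri, "/default.ida?") == 1) kind = "codered"
        else if (path ~ /\.exe$/)             kind = "exe"
        if (kind != "") { hits++; count[ip " " kind]++ }
    }
    END {
        for (k in count) print k, count[k] | "sort"
        close("sort")                          # flush offenders before the summary
        printf "summary scanned=%d hits=%d\n", scanned, hits
    }' "$1"
}

# Stand-alone use: sh skim.sh /path/to/access_log
if [ "$#" -gt 0 ]; then
    scan_access_log "$1"
fi
```

Mailing the output every morning, including the empty case, means a missing message is itself the signal that the cron job or its crontab entry is gone.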