Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A new linux worm named Lupper along with several variants (Lupii, Lupii2, Listen) have been reported in the wild. These worms target several older vulnerabilities, including the XML-RPC, AWStats and Darryl Burgdorf's Webhints vulnerabilities. Analysis of the worm indicates that it attempts to upload a trojan to /tmp using wget. Anyone using PHP, AWStats, or Webhints are strongly encourage to verify that they are running current versions. See the following links for more details:
Snort has picked up several of these attacks on our network in the last few days. The specific one I've seen is the one that exploits the XML-RPC vuln in PHP. The web page it posts to indicate that it is trying to attack specific apps that would be vulnerable were they installed. I haven't seen any indiscriminate posting looking for vulnerable pages.
Originally posted by Capt_Caveman A new linux worm named Lupper along with several variants (Lupii, Lupii2, Listen) have been reported in the wild. These worms target several older vulnerabilities, including the XML-RPC, AWStats and Darryl Burgdorf's Webhints vulnerabilities. Analysis of the worm indicates that it attempts to upload a trojan to /tmp using wget. Anyone using PHP, AWStats, or Webhints are strongly encourage to verify that they are running current versions. See the following links for more details:
Originally posted by schneemann What about my DLINK-604 firewall hardware is it safe?
As far as I know, it should be. I can't imagine that DLink would put any of those vulnerable applications on a SOHO firewall/router device. Theoretically even if they were to be installed with the Dlink firmware, they'd only be accessible over the configuration web interface which can only be accessed from the LAN side.
Originally posted by Capt_Caveman As far as I know, it should be. I can't imagine that DLink would put any of those vulnerable applications on a SOHO firewall/router device. Theoretically even if they were to be installed with the Dlink firmware, they'd only be accessible over the configuration web interface which can only be accessed from the LAN side.
In the Dlink manual tells me to updated my Dlink software.
That CD comes with DLINK-604 is 3years old should I update my driver?
Originally posted by schneemann In the Dlink manual tells me to updated my Dlink software.
That CD comes with DLINK-604 is 3years old should I update my driver?
You should always update firmware with the lastest versions. Check the Dlink website to see the most recent release version. Again, I highly doubt that this would affect your router, so I don't believe dlink will release new versions specifically to deal with these vulns. They may have new releases availble to correct other hardware/software bugs though, so upgrading is probably a good idea. Make sure to follow the directions carefully though, as botching a firmware upgrade can turn your router into a brick.
Originally posted by Capt_Caveman You should always update firmware with the lastest versions. Check the Dlink website to see the most recent release version. Again, I highly doubt that this would affect your router, so I don't believe dlink will release new versions specifically to deal with these vulns. They may have new releases availble to correct other hardware/software bugs though, so upgrading is probably a good idea. Make sure to follow the directions carefully though, as botching a firmware upgrade can turn your router into a brick.
I looked into it no available.
So I`m doing fine then
As far as I know, it should be. I can't imagine that DLink would put any of those vulnerable applications on a SOHO firewall/router device. Theoretically even if they were to be installed with the Dlink firmware, they'd only be accessible over the configuration web interface which can only be accessed from the LAN side.
I don't know about the Dlink specifically, but some routers (like my Netgear MR814) can be configured to allow access to the config web interface from the WAN side too. Of course, you definiteley shouldn't enable that without a) a very good reason, b) a very good password and c) knowing what you're doing
Since the end of last week, new variants of the Linux worm called Lupper have been making their way through the Internet. Anti-virus experts are using a slew of different names for them: Plupii.C, Lupper.worm.b, Lupper-I and Mare.d.
Internet ne'er do wells have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems. The Mare-D worm also tries to take advantage of a security flaw in Mambo to spread. If successful, the worm installs an IRC-controlled backdoor on compromised systems.
A Linux network worm that installs backdoors to compromised systems and which “listens” for commands from its creator is on the loose, security experts have warned.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
The Lupper Worm Has Mutated
...
