Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-09-2005, 12:25 AM   #1
Registered: Jun 2005
Distribution: Centos
Posts: 215

Rep: Reputation: 30
Rogue stuff started by Apache

I'm getting rather frequent exploits on my server resulting in crap being put into the /tmp dir and executed.

Can I flag /tmp not executable but it seems that MySQL is using the dir with x files.

Or can I secure the apache user better maybe? I'm also having some difficulty in finding which site is vulnerable.

Any advice would be appreciated.
Old 06-09-2005, 03:29 AM   #2
Senior Member
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
Sounds like you have been penetrated (rooted -use rootkit) as no one should be able to put anything on your server. The normal post intrusion procedure applies - disconnect the server, take an image of the disk(s) and do a fresh install using the latest software and the configure new complex passwords and look at your firewall.
Old 06-09-2005, 08:44 AM   #3
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
You may want to take a close look at how Apache was being abused, so that you don't simply put the same content on your site after rebuilding the box. Make sure to check that Apache/PHP/mySQL/BulletinBoard software were updated versions. You can also check for vulnerable content (like poorly writtten PHP scripts) with nikto. Awstats is also commonly abused and may be the problem if it's installed.

A good place to start looking is your Apache logs, especially for any errors or URLs that contain any of the file names you found in /tmp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache warning when started mhykhh Linux - Software 4 12-17-2005 07:36 AM
Getting started with Apache shazam75 Linux - Software 4 09-26-2005 10:48 PM
Problems getting Apache started Philter Linux - Newbie 7 11-29-2004 04:54 PM
Help getting started with Apache and Proftp jimhe Mandriva 5 08-18-2004 01:04 AM
Apache 1.3 started but not working ? Devboy *BSD 0 08-16-2004 08:29 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration