Re: rlx blade server attacked

To: Jason Sopko <jason@sopko.net>
Cc: Debian Security List <debian-security@lists.debian.org>
Subject: Re: rlx blade server attacked
From: Michael Renzmann <mrenzmann@dylanic.de>
Date: Fri, 13 Sep 2002 20:45:32 +0200
Message-id: <[🔎] 3D82324C.8000604@dylanic.de>
References: <[🔎] 3D8203DE.4090707@dylanic.de> <[🔎] 3D82185C.5010406@sopko.net>

Hi Jason.

Jason Sopko wrote:

The Apache worm you're infected with was posted on bugtraq earlier
today. It exploits mod_ssl and can be identified by doing a ps -ax |
grep bugtraq (it runs as the name .bugtraq). The source for it is here:

http://dammit.lt/apache-worm/apache-worm.c

Thanks a lot for the fast reply. You are right, I can approve that thisis the worm that attacked the management blade. It started it's attacksomewhere around noon (local time) today. The management blade isvulnerable to this attack as it is based on RedHat 7.3 (maybe it wouldhave been better if RLX had stick to Debian as they used before).


Thanks a lot for the help.

Bye, Mike

Reply to:

Follow-Ups:
- Re: rlx blade server attacked
  - From: Tunggul A Siswoyo <swirl@undip.net>

References:
- rlx blade server attacked
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: rlx blade server attacked
  - From: Jason Sopko <jason@sopko.net>

Prev by Date: Re: Fwd: bugtraq.c httpd apache ssl attack
Next by Date: Re: Fwd: bugtraq.c httpd apache ssl attack
Previous by thread: Re: rlx blade server attacked
Next by thread: Re: rlx blade server attacked
Index(es):
- Date
- Thread