Re: Advice needed, trying to find the vulnerable code on Debian webserver.

To: Ross Tsolakidis <Ross.Tsolakidis@day3.com.au>
Cc: debian-security@lists.debian.org
Subject: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
From: TiM <tim@muppetz.com>
Date: Wed, 16 Jun 2004 11:46:05 +1200
Message-id: <[🔎] 40CF8A3D.3040203@muppetz.com>
In-reply-to: <[🔎] D03D875AFA05D34C98F1B0DBB71C3DBA6E1B33@hermes.powerserve.lan>
References: <[🔎] D03D875AFA05D34C98F1B0DBB71C3DBA6E1B33@hermes.powerserve.lan>


Look at installing mod_security, http://modsecurity.org

Install some rules for it to harden your webserver, see if anything isflagged in the security log.


Ross Tsolakidis wrote:

"Wipe, install, set up chkrootkit and run it often."I've already done that. There was no rootkit.


"How does phpnuke compromise apache if apache is set up correctly?"
I believe it's some of the modules available and running php with 'safe
mode off'.

I need to find the vulnerable code on this box.  And I have no idea
where to begin.
I've tried running virus scans, nothing is infected.


--
Ross

Reply to:

Follow-Ups:
- Re: Advice needed, trying to find the vulnerable code on Debian webserver.
  - From: Alvin Oga <aoga@ns.Linux-Consulting.com>
- Re: Advice needed, trying to find the vulnerable code on Debian webserver.
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- RE: Advice needed, trying to find the vulnerable code on Debian webserver.
  - From: "Ross Tsolakidis" <Ross.Tsolakidis@day3.com.au>

Prev by Date: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Next by Date: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Previous by thread: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Next by thread: Re: Advice needed, trying to find the vulnerable code on Debian webserver.
Index(es):
- Date
- Thread