Re: Debian Investigation Report after Server Compromises

To: debian-user@lists.debian.org
Subject: Re: Debian Investigation Report after Server Compromises
From: Paul Morgan <paulswm@earthlink.net>
Date: Fri, 05 Dec 2003 16:57:31 -0500
Message-id: <[🔎] pan.2003.12.05.21.57.25.580528@earthlink.net>
References: <[🔎] 5.2.1.1.0.20031203101423.032cde10@mail.gain.com> <[🔎] 1070491001.23269.7.camel@Thief> <[🔎] slrnbssr2f.h55.spam@home.bounceswoosh.org> <[🔎] 20031204015230.GA24722@doorstop.net> <[🔎] 878ylt19h1.wl@acamar.localhost.invalid> <[🔎] pan.2003.12.04.20.08.21.407271@earthlink.net> <[🔎] 20031205020515.GC27171@doorstop.net>

On Thu, 04 Dec 2003 18:05:15 -0800, Vineet Kumar wrote:

> * Paul Morgan (paulswm@earthlink.net) [031204 12:32]:
>> I have all services locked down to localhost; my only connections to
>> the outside world are mail, news via nntpcached, web via squid... I run
>> Apache but it too is locked down to localhost.  My mail is run through my
>  
> this ...
> 
>> ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
>> be getting like 10 Svens per day). I do see, from time to time, Apache
>> refusing connections attempts which are generally attacks by Windoze worms.
>   
> ... and this do not add up.  Methinks your apache is not "locked down to
> localhost."
> 

150.140.128.174 - - [03/Dec/2003:08:52:40 -0500] "GET
/.hash=0df2df7b5aeac6aabb9ad2e00c0d150f831fffff HTTP/1.1" 403 322 "-" "-"

[Wed Dec  3 08:52:40 2003] [error] [client 150.140.128.174] client denied by server configuration: /var/www/.hash=0df2df7b5aeac6aabb9ad2e00c0d150f831fffff


-- 
....................paul

"The number of UNIX installations has grown to 10, with more expected."
(The UNIX Programmer's Manual, 2nd Edition, June 1972)

Reply to:

Follow-Ups:
- Re: Debian Investigation Report after Server Compromises
  - From: Vineet Kumar <vineet@doorstop.net>

References:
- Re: Debian Investigation Report after Server Compromises
  - From: "Dr. MacQuigg" <macquigg@ece.arizona.edu>
- Re: Debian Investigation Report after Server Compromises
  - From: Alex Malinovich <demonbane@the-love-shack.net>
- Re: Debian Investigation Report after Server Compromises
  - From: "Monique Y. Herman" <spam@bounceswoosh.org>
- Re: Debian Investigation Report after Server Compromises
  - From: Vineet Kumar <vineet@doorstop.net>
- Re: Debian Investigation Report after Server Compromises
  - From: csj <csj@zapo.net>
- Re: Debian Investigation Report after Server Compromises
  - From: Paul Morgan <paulswm@earthlink.net>
- Re: Debian Investigation Report after Server Compromises
  - From: Vineet Kumar <vineet@doorstop.net>

Prev by Date: Re: Earthlink and Swen
Next by Date: Re: Debian Server Compromise -- A Fire Drill ??
Previous by thread: Re: Debian Investigation Report after Server Compromises
Next by thread: Re: Debian Investigation Report after Server Compromises
Index(es):
- Date
- Thread