Re: security issues with apache!
----- Original Message -----
From: "Petter Senften" <isecore@isecore.net>
To: <debian-user@lists.debian.org>
Sent: Tuesday, March 07, 2006 3:23 AM
Subject: security issues with apache!
[deleted for brevity]
Now, like I said - I'm not a pro, I'm trying to learn by doing.
Unfortunately how this happens is way over my experience, and now I could
really use some help in fixing this leak. I've narrowed it down to Apache
only, but I have no clue as to how to seal the leak. I'm running a small
server in my home using (mostly) Debian Sarge. This is a real
Frankenstein-machine as it was originally a Woody-box, but it's been
upgraded with bits from all over. It's been running pretty much constantly
for three years. Of course I apply security fixes when they arrive, but I
don't know if the source of these intrusions is Apache or just that I have
managed to fubar some setting somewhere, allowing an attacker to make
Apache execute code.
Essentially the machine is Debian Sarge, with MySQL and PHP4. There are
other services running on it, but I've noticed that the
intrusions/code-executions only happen through Apache. MySQL only listens
on localhost and accepts no connections from the outside. Hence, I hope
that this is limited to Apache. Apache is 1.3.x, MySQL 4.0.24 and PHP 4.3
There's at least a later version of Apache out. FWIW (my 2 cents), I'd back
up essential data and do an install with the latest Sarge distribution,
paying attention to major and minor version upgrades along the way, then
restore the user data.
Reply to: