Apache got hacked, how to fix that?

Discussion in 'Apache' started by PaulMMM, Feb 12, 2009.

  1. #1
    Hey guys, I got hacked a week ago. In httpd error_logs I found this stuff:
    Code:
    error_log.1   [----]  0 L:[ 43+57 100/705] *(8732/92031b)= [  91 0x5B
    [Tue Feb  3 06:59:21 2009] [error] [client хх.хх.хх.хх] File does not exist: /var/www/html/bug/signup_page.php
    [Tue Feb  3 06:59:22 2009] [error] [client хх.хх.хх.хх] File does not exist: /var/www/html/bugtracker/signup_page.php
    [Tue Feb  3 06:59:22 2009] [error] [client хх.хх.хх.хх] File does not exist: /var/www/html/tracker/signup_page.php
    [Tue Feb  3 06:59:22 2009] [error] [client хх.хх.хх.хх] File does not exist: /var/www/html/mantisbt/signup_page.php
    [Tue Feb  3 06:59:22 2009] [error] [client хх.хх.хх.хх] File does not exist: /var/www/html/support/signup_page.php
    [Tue Feb  3 06:59:23 2009] [error] [client хх.хх.хх.хх] File does not exist: /var/www/html/support/mantis/signup_page.php
    --10:14:00--  http://yy.yy.yy.yy/.M/b.tgz
               => `b.tgz'
    Connecting to yy.yy.yy.yy:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 967 [application/x-gzip]
    
        0K                                                       100%   38.43 MB/s
    
    10:14:01 (38.43 MB/s) - `b.tgz' saved [967/967]
    
    sh: php: command not found
    --10:14:30--  http://yy.yy.yy.yy/.M/xad
               => `xad'
    Connecting to yy.yy.yy.yy:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 522,375 (510K) [text/plain]
    
        0K .......... .......... .......... .......... ..........  9%   39.75 KB/s
       50K .......... .......... .......... .......... .......... 19%  122.90 KB/s
      100K .......... .......... .......... .......... .......... 29%  156.61 KB/s
      150K .......... .......... .......... .......... .......... 39%  174.90 KB/s
      200K .......... .......... .......... .......... .......... 49%   78.87 KB/s
      250K .......... .......... .......... .......... .......... 58%  309.52 KB/s
      300K .......... .......... .......... .......... .......... 68%   35.19 KB/s
      350K .......... .......... .......... .......... .......... 78%   68.09 KB/s
      400K .......... .......... .......... .......... .......... 88%   83.80 KB/s
      450K .......... .......... .......... .......... .......... 98%   87.92 KB/s
      500K ..........                                            100%  116.17 KB/s
    
    10:14:37 (78.81 KB/s) - `xad' saved [522375/522375]
    
    [Tue Feb  3 11:47:59 2009] [error] [client zz.zz.zz.zz] script not found or unable to stat: /var/www/cgi-bin/textenv.pl
    Code (markup):
    How to fix this vulnerability? I have Apache 1.3.
     
    PaulMMM, Feb 12, 2009
  2. #2
    That's probably through an insecure PHP script. Are your PHP scripts secure? Install Suhosin or mod_security for higher protection.
     
    ipdedicated, Feb 12, 2009
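
Added example, not part of the thread: a triage script for an error_log like the one in post #1. It flags a client requesting the same missing file under several directories, and lines that are not Apache records but output of a command the server started (wget fetch headers and `sh:` errors land in error_log because child processes inherit the server's stderr). The function name `triage`, the `min_dirs` threshold and the sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the excerpt in post #1; addresses are placeholders.
SAMPLE = """\
[Tue Feb  3 06:59:21 2009] [error] [client 192.0.2.10] File does not exist: /var/www/html/bug/signup_page.php
[Tue Feb  3 06:59:22 2009] [error] [client 192.0.2.10] File does not exist: /var/www/html/bugtracker/signup_page.php
[Tue Feb  3 06:59:22 2009] [error] [client 192.0.2.10] File does not exist: /var/www/html/tracker/signup_page.php
[Tue Feb  3 07:10:00 2009] [error] [client 192.0.2.77] File does not exist: /var/www/html/favicon.ico
--10:14:00--  http://198.51.100.5/.M/b.tgz
Connecting to 198.51.100.5:80... connected.
sh: php: command not found
[Tue Feb  3 11:47:59 2009] [error] [client 192.0.2.99] script not found or unable to stat: /var/www/cgi-bin/textenv.pl
"""

# Apache 1.3 error_log record: [date] [level] [client addr] message
APACHE = re.compile(r"^\[[^\]]+\] \[(\w+)\] (?:\[client ([^\]]+)\] )?(.*)$")
MISSING = re.compile(r"^File does not exist: (.+)$")
# stderr of programs launched by the server: wget fetch header, shell errors
CHILD = re.compile(r"^(--\d\d:\d\d:\d\d--\s+\S+|sh: .+)$")

def triage(text, min_dirs=3):
    """Return (probes, child_output).

    probes: {(client, filename): sorted directories} for a filename one client
    requested, and missed, in at least min_dirs directories.
    child_output: [(line_no, line)] for non-Apache lines that look like output
    of a spawned command.
    """
    seen = defaultdict(set)
    child = []
    for no, line in enumerate(text.splitlines(), 1):
        m = APACHE.match(line)
        if m:
            miss = MISSING.match(m.group(3))
            if miss and m.group(2):
                directory, _, name = miss.group(1).rpartition("/")
                seen[(m.group(2), name)].add(directory)
        elif CHILD.match(line.strip()):
            child.append((no, line.strip()))
    probes = {k: sorted(v) for k, v in seen.items() if len(v) >= min_dirs}
    return probes, child

if __name__ == "__main__":
    probes, child = triage(SAMPLE)
    for (client, name), dirs in probes.items():
        print(f"path probing: {client} tried {name} in {len(dirs)} directories")
    for no, line in child:
        print(f"line {no}: output of a command run by the server: {line}")
```

The timestamps of the flagged command output can then be matched against access_log entries from the same minutes to find the request that triggered it.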