[ale] apache recovery
Jonathan Rickman
jonathan at xcorps.net
Thu Sep 19 09:59:49 EDT 2002
On Thu, 19 Sep 2002, Robert E. Karaffa, II wrote:
> Hi folks,
> Our little apache web server (Mandrake 8.0) was brought down yesterday by a
> bot, I think. It was looking for a Windows box to infest, and not finding one,
> it instead filled up our root partition with log entries until it was full,
> thus rendering our server useless. Here's some log entries from /var/log/http:
Without some more specific information, it's difficult to speculate on
what might have happened. It all depends on the brand/version of your http
and ftp server software and what other services were running. If you'd
like to provide it, the following would help narrow down the
possibilities:
Kernel Version
HTTP Server and Version
FTP Server and Version
Output of 'openssl version'
Output of 'ssh -V'
Output from an nmap TCP connect scan run from a different host
Output of 'netstat -lnt' (assuming we can trust it)
copy of the syslog, messages, and debug if present
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list