[ale] Apache exploit

David Tomaschik david at systemoverlord.com
Tue Apr 2 16:23:00 EDT 2013


Based on the analysis from the Malware Must Die Blog and some other things
I've heard about this, it looks like the original source of compromise is
most likely Plesk or cPanel.  Doesn't look like there's any Apache
vulnerability being exploited, so AppArmor around Apache wouldn't mitigate
*this* attack.


On Tue, Apr 2, 2013 at 1:10 PM, Beddingfield, Allen <allen at ua.edu> wrote:

> I was just wondering if any of you had encountered this one/were aware of
> it.  I don't see any references to CVEs or hard details, aside from the
> analysis in the third link.  Maybe it is time to move putting AppArmor
> around Apache on our web servers higher to the top of the to-do list.
>
>
>
> http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/
>
> https://news.ycombinator.com/item?id=5479812
>
>
> http://malwaremustdie.blogspot.com/2013/03/the-evil-came-back-darkleechs-apache.html
>
> Allen B.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
>



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com