Does anyone know any common apache 2.2 exploits and how to stop them? I am setting up a web server and want it to be secure as possible. I currently have a basic lamp server on a ubuntu server.
View 1 RepliesA few days ago I installed F12 and it was working fine very well up until today when I booted my computer from a perfect working order state yesterday to this. Well my wireless was still being sniffed and slowed down to dial up speed but what's new thats been consistant for at least 3 months I can't really do much about it since my brother doesn't like changing the password.
I recently logged onto my new fedora 12, 64-bit, system encrypted (all partitions effected by install), selinux enforced install to find myself in tty4 and some "other" users logged on to the other terminals. My folders would have lock icons on them after opening, my notication menu/toolbar crashed and hasn't returned on system reboot, some data transfers between removable storage returned input output errors while others worked fine(?). I also recieved this kernel bug output from the bug reporting tool but I have no idea what it means.
Also I was not loose with the security either I had removed unconfined login types (After setting up the system as I needed) meaning I couldn't even run root or sudo and neither could anyone else (asfar as I was aware). I pretty much increased selinux to its maximum boolean strictness and limited the _default_(Me included) account to a user from a _default_ unconfined (to actually be able to log in with the selinux boolean in place). Meaning they "the exploiters" were able to bypass selinux as a user account? How is that possible and even if you do root logon is disabled by selinux too?
At the moment I'm on a live cd trying to look for a way to custimise them as it seems it may be my only option.
Just a side note you can't just log in to tty4 by default without actively taking up spaces either by other users or your own use. Meaning since the tty login is automated 3 terminals were in use tty1, tty2 and tty3.
Which commands should I run to find out what is being done?
Edit: Just had my F12 x64 live cd taken down twice and had to hard reset as the toolbar disappeared. Took a photo of the last error message. I was just reading a pdf and using firefox at the time.
Is fedora usually this easy to hack?
When there is an exploit in the kernal, can the iptables firewall get bypass? If yes,how do you know? Otherwise how can you find out.
View 9 Replies View RelatedI have some questions about security
1> are the flash exploits are of any use to a Linux operating system like Ubuntu etc. ?
2>are the Microsoft office exploits any risk to libreoffice or open-office software suites?
3>are there exploits for Linux , open-office and libreoffice ?
I have set logwatch to report daily the logs, somehow since last week i get below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
I refrained from posting this in the Kernel Vulns thread earlier, due to its zero-day status. But now that the issue has been Slashdotted, there's no use in keeping us from publicly discussing this vulnerability. The link to the article (from which I quote below) is here. Brad Spengler's original announcement on the Dailydave mailing list is here.Quote:A researcher has published exploit code for a new vulnerability he discovered in the Linux kernel. The vulnerability is an especially interesting one in that the researcher who discovered it, Brad Spengler, has demonstrated that he can use the weakness to defeat many of the add-on security protections offered by SELinux and AppArmor.
View 9 Replies View RelatedRecently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
View 14 Replies View RelatedI am trying out jUDDI. I have to copy the MySQL JDBC driver to {TOMCAT}/common/lib but the thing is I am new to Linux and I cannot find the common/lib folder. I tried to search for apache inside the usr/lib so that i could copy the MySQL JDBC driver inside it but couldn't find the specific folder. 'Locate' and 'which' were not very helpful. I have installed 'servlet and jsp engine' for tomcat 6.
View 1 Replies View RelatedI installed apache2 and mysql database on a Debian system. It is using reverse proxy on apache to redirect requests to apache2 running on any machine which is on Xen server as a Virtual host. I tried to install Drupal on it. Every thing went fine till I pointed my browser to:
http://IP[/url] of LAN where Drupal was installed/drupal
then I see an installation page of Drupal which welcomes me. I click install in English then it can not proceed to connect with database. Database configuration: Your web server does not appear to support any common database types. Check with your hosting provider to see if they offer any databases that Drupal supports.
I have created a database and username for Drupal separately. What should I check to. There is one more error
http://Public IP/some location/
Is showing me contents of Document Root but there is a folder named drupal on it. When I click on it I get error. Not Found. The requested URL /drupal/ was not found on this server. Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch proxy_html/3.0.0 Server at
What things should I check in for? I am also getting errors like:
- Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName on individual DomU's what should I check in. and on Dom0 when restarting apache2 I get following error.
- Reloading web server config: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Wed Apr 14 15:23:05 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
whats the difference between restarting/stopping apache using 'service httpd restart/stop' and apachectl restart/stop. I know that using 'service httpd restart' is actually a script in /etc/init.d/httpd but what about apachectl?
View 1 Replies View RelatedI decided to consult you before making any changes, because the clients' PCs are spread all over the country and I do not have the physical access to their boxes.The idea is to take away the ability of using sudo for common users.I know that the syntax of this file may vary a bit in different distributions.Our OS is Ubuntu 10.10.I created the account 'support' for me and other technician stuff of our department. So, 'support' user must have all the power. And common users mustn't have access to 'sudo'. This is the requirement.As far as I remember, in Slackware the user must be a member of 'wheel' group to be able to use 'sudo' (but I may be wrong).
View 3 Replies View RelatedI have installed php 5.3.6-4 on centOS 5.6. When i try to install some modules of php then it gives an error
php53-common-5.3.3-1.el5_6.1.i386 from updates has depsolving problems
--> php53-common conflicts with php-common
Error: php53-common conflicts with php-common
[code]....
I have reinstall it twice but each time i get same error.
if i can use Cherokee for my http service rather than Apache2 ? How do i stop apache2 from auto starting at reboot time ?
View 1 Replies View RelatedSomeone/one or more internal process is executing script and running those under login apache. These scripts are being uploaded under /tmp, I've stopped executing under /tmp but that person or process is now calling directly calling apache to execute those script. Here are the logs of /var/log/httpd/error_log file
Code:
--02:58:21-- ftp://coreyrudlprod:*password*@72.167.232.36/a.pl
=> `a.pl'
Connecting to 72.167.232.36:21... connected.
Logging in as coreyrudlprod ... Logged in!
==> SYST ... done. ==> PWD ... done.
[Code].....
I configure my apache and can run http://localhost. There "I see it works!" but if I try to stop apache I get message that httpd is not started. I run
apachectl start - ok
but when I run apachectl stop it says "httpd (no pid file) not running"
I need to stop apache, because this is my dev machine and I want to start apache only when I make changes to my site. I am with slackware13.
I don't mind that apache logs "rotate". By that, I mean that periodically the most recent log is renamed "*.1" and the older logs are bumped up a number In my particular situation, I do mind that the log that was "*.4" is deleted rather than being renamed to "*.5" when that periodic renaming happens.
I know most of the other /var/log files have the same behavior. What does this? Can I change it so my apache logs are "rotated" up but aren't deleted? I know this will take some hard drive space, but I have a lot of it.
EDIT: CentOS 5.3, kernel 2.6.18-128.1.6.el5, Apache 2.2.3
I recently re0instralled and update ubuntu 10.04 LTS. After installing and running debsecan, I found ALOT of problems. Does anyone have experiance with this tool?
View 2 Replies View RelatedIs Linux vulnerable to Java drive-by exploits? Another computer I run on windows 7 just notified me that it was infected through Java, and I'm wondering if my Linux box (ubuntu 10) with Java installed is vulnerable.
View 1 Replies View RelatedMy IP is being spoofed by someone and I suspect it is being used for malicious purposes(possibly illegal ones). How can I stop someone from using my IP? I'm using a dynamic IP but obtaining a new IP seems to be useless. Changing my wireless password will probably just as useless I guess.
View 9 Replies View RelatedWe are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View RelatedI've been reading an interesting article about the fact that ISPs are able to collect net data from web users. What I think It's missing in the article is that in some locations it's compulsory for ISPs to collect and save all your networking data (For example, in Spain, where I live, it's compusory to store people's activity on the net for a period of 6 months (minimum) to 2 years (maximum). In the article they state that Witopia can do the job of encrypting your browsing activity and therefore mantain your privacy. Do you know any open source or, at least, free alternative to Witopia? What do you think about the article and about the ways of safeguarding your privacy?
View 9 Replies View RelatedAfter I've booted my machine I can browse the internet over my wireless network just fine, but when I start Evolution email it prompts for my admin password beforeonnecting to ISPCan I automate / avoid my respnse to this password prompt ?
View 4 Replies View RelatedWhen I installed Ubuntu (Lucid) on my new computer, As well as the login password I was asked for a keyring password. I gave one, but I am not sure exactly why I need this password. It seems that it was required to let me access the wifi - even though this has its own security code. I found I could stop the system asking for it every time I tried to connect to the internet using wifi by checking a button in the network setup, but when I registered for Ubuntu One, I was again asked for it - twice, once when I registered and again when I set up Tomboy notes sync. Now I get asked for it again every time I switch on.
I would like to know why the keyring passwords are needed in addition to the login password for a single user computer, which mine is and also how I can stop it asking for this password when I switch the computer on. One suggestion I have seen is to make the keyring password the same as my login password. If that is the case, then how do I change the keyring password?
Im using ubuntu and i run a game server. Ever since i posted my server i have an IP address trying to join my game on a different port everytime, seems random and its nonstop for a week since its been up.
[INFO]/72.52.102.33:[random 5 digit port] lost connection NONstop
I port scanned them and i think its not a person but some service or server type buisness.
I use a linksys router, i couldnt find anything on blocking IP's at the router from the outside.
Is there anything i can do to stop them before the get to this server to login?
i have 1 question no more because i got many ddos attack and my load is 95++ what is the best program to stop DDOS Attack ?
View 14 Replies View Relatedhow can i make apache to run in runlevel2
View 1 Replies View RelatedI've setup the Uncomplicated Firewall (UFW) on Ubuntu 10.04 LTS and blocked an IP address. UFW status shows that the firewall is active and the IP in question is denied. The issue is that I'm seeing the blocked IP address in my Apache logs.
View 1 Replies View RelatedI had 2 accounts on a single system. Other users are able to see my data. how to stop other users to access my personal data.
View 8 Replies View RelatedI am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
View 2 Replies View RelatedIf I enable Wi-Fi on my laptop and use a public Wi-Fi hotspot at an airport, will a firewall such as UFW be enough to stop hackers accessing my personal files which are NOT transmitted over the Wi-Fi connection?
View 9 Replies View Related