Comments:
<0> no it's injection via php
<0> they like to mask the process name as something ppl would normally see
<1> hmm
<2> so any luck w/ your spell checker?
<0> it will show as something like proftpd, apache, httpd, etc
<0> working on it, maybe today :)
<0> two|face look in /tmp
<1> ok
<0> i bet you find some fishy stuff there
<0> also do netstat -plan
<0> i bet you'll find that rogue perl process connecting to an irc server
<0> i haven't yet synaptic
<1> ahh
<0> two|face the reasons i suspect this is 1, perl is running as apache user
<0> under a modern installation of apache cgi doesn't run as user apache
<0> because of suexec
<0> only when php calls perl does it run as the apache user
<0> which is a sure sign of an injection in php
<3> two|face: what php powered software do you have installed on the server?
<0> or some php wiki board
<0> two|face there are some good measures you can take to prevent that too
<0> like mounting /tmp and /var/tmp noexec,nosuid
<0> disabling php's access to perl
<0> disabling php's access to wget
<0> and firewalling all output ports
<0> blah
<3> don't forget curl and ncftpget
<0> actually that's just extra security, if you firewall your output right you can stop that stuff cold in its tracks
<0> on my locked down servers, port 25 outbound is the only fully open port
<0> the rest have to be related,established before it will allow output
<2> I guess there is one good thing living on the coast, the seafood is cheaper.... I paid $4.99/lb for shrimp yesterday, not bad
<2> in Chicago it's always around 10-12/lb
<3> later everyone.
<3> Redragon^: good luck with the 2.0 release.
<4> thanks
<2> redr, so when will you really start working on the program :P
<4> i'm working :)
<1> so is phpbb vulnerable to injections
<5> This week or last week?
<6> heh
<1> heh guess it's not secure then?
<2> 'lo long
<5> In fairness because of its popularity it probably receives more attention than other web applications.
<4> true
<5> It's very difficult to write secure applications in PHP
<4> very
<4> by design php was built on ease more than security is my thought
<1> yep, so is there any way to find out where this injection is coming from? or how to stop it from restarting :)
<5> Redr: It's /so/ much worse than that
<7> how can I change my Sound Card in Slack ? ,,, I have two but I want to use the PCI card .. thnq
<5> Sam: Best guess, edit /etc/modules.conf
<5> Or modprobe.conf
<5> two: Are you running the very latest version of phpBB?
<1> yep
<5> What version is it?
<0> .o
<8> hey!
<2> what is your problem now maxxz
<4> longword and ppl wonder why i don't trust plesk hehe
<7> thnq longword
<1> longword: 2.0.19
<1> christ they are multiplying :( four of them now
<0> okay two|face let's take some measures real quick
<5> two: Exactly what's going on?
<0> longword injections into /tmp i thinks
<0> irc bots
<1> yeah I looked in /tmp but I'm not sure what to look for
<5> two: And how are you certain it's phpbb?
<1> I never said I was certain :)
<1> just wondering
<5> Mambo seems to be the flavour of the hour
<0> don't know if it's phpbb but it's most likely php in some form
<1> because I know it has had exploits in the past
<0> the injections are running as nobody and he is using suexec so i'm thinking php
<1> so I have some perl scripts being executed by the user apache, if only one is running it uses 90% of the cpu, currently there are four each using 20%
<9> hi, i just got a new proxim wireless card, how do i know what driver is ubuntu using for it?
<0> two|face let's do a few things real quick
<1> sure
<0> mount -o remount,acl /
<1> ok, can I ask what it does before I do it :)
<0> you're remounting the root filesystem with file acl support
<0> so we can disable some things from php
<1> ok
<0> like perl, wget, etc
<0> your apache running as apache:apache?
<0> setfacl -m u:apache:- /usr/bin/perl
<10> BOO
<0> setfacl -m u:apache:- /usr/bin/wget
<0> hiya
<10> hi :D
<10> still wondering how can I make lm_sensors work on my toshiba satellite pro a60
<1> apache apache? not sure what you mean, mount -o remount,acl / ... mount: / not mounted already, or bad option
<10> I can't find any way to see my system temperature
<0> user and group apache
<0> okay that's a weird error, / should be mounted
<0> what partition is / ?
<1> I think there is only one main partition, I didn't set it up myself
<11> what is the command to add a user on a linux server?
<1> adduser
<11> that's all?
<10> lewl
<10> kiddie alert !
<0> two|face df -h
<1> I tried mount -o remount,acl / again and it says: mount: according to mtab, /dev/hda3 is already mounted on /
<0> actually adduser is usually a distro based script, the universal command is useradd
<1> yeah hda3
<0> okay do this two|face mount -o remount,acl /dev/hda3
<1> gave me the previous error, / not mounted already, or bad option
<0> what distro you using?
<8> I think the acl option is the culprit
<1> fc2
<0> might be but i think all the modern distros support acl out of the box
<0> longword any input on fc2 support of acl ?
<1> I checked the man file and it didn't mention acl in the options list
<0> ugg then you're not gonna get acl support :(
<0> which is unfortunate
<1> ok, anything else I can do :)
<10> damn ..
<0> we can try making /tmp a noexec,nosuid partition
<10> how the heck can I see the system temperature ?!?!?
<10> damn lm_sensors doesn't recognise my chip
<1> hmm
<10> :((
<1> so you think they are uploading executable data
<1> haha
<1> I found something in tmp, "you are hacked by aleks ..."
<1> blah blah blah
<10> I wanna see !!! =))
<0> mount -t tmpfs -o size=1024m,noexec,nosuid none /tmp
<0> two|face i know they are
<0> run that mount command
<1> ok ran it, no errors :)
<1> yep
<0> okay kill those rogue processes
<1> cool
<1> ok should that fix it? hopefully? :)
<0> it's a start
<0> the typical injection attacks that should stop
<12> I have a sony vaio vgc-RA830g system. I am trying to recover data using a liveCD like Knoppix or Ubuntu to backup some files. The difficulty I have is, it has two 150gig SATA drives raided together. and Linux doesn't seem to be able to see them and auto mount them. Thanks for any comments you have.
<0> i recommend moving to FC3 or 4 though
<1> yeah I'm gonna move to debian if I can
<0> !system rescue cd
<13> system rescue cd is, like, yet another Linux bootable CD like lnxbbc only better. It supports all your weird freaky filesystems, can resize NTFS?, and it generally kicks butt - http://www.sysresccd.org/, or a bit over 100MB, fits on a mini CD, or useful for resizing NTFS partitions.. Did I mention it can resize NTFS
<10> fedora core 5 next week ..
<10> yeey
<1> been thinking of switching providers anyway
<1> how are the new fedora releases?
<0> two|face i personally don't recommend debian if you're going to take these security precautions
<1> ok