Date:      Tue, 22 Sep 2009 08:51:42 -0400
From:      Brian Seklecki <seklecki@noc.cfi.pgh.pa.us>
To:        Aflatoon Aflatooni <aaflatooni@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD 6.3 installation hacked
Message-ID:  <1253623902.26253.1.camel@localhost.localdomain>
In-Reply-To: <196554.24096.qm@web56207.mail.re3.yahoo.com>
References:  <196554.24096.qm@web56207.mail.re3.yahoo.com>

On Tue, 2009-09-22 at 05:01 -0700, Aflatoon Aflatooni wrote:
> My server installation of FreeBSD 6.3 is hacked and I am trying to find out how they managed to get into my Apache 2.0.61. 
> 
> This is what I see in my http error log:
> 
> [Mon Sep 21 02:00:01 2009] [notice] caught SIGTERM, shutting down
> [M

According to Apache.org, there were vulns in 2.0.6x before 2.0.63.
However, when you do your forensic analysis, you'll want to focus on
code installed on your webserver that runs with the posix user 'www''s
permissions.
 
  ~BAS
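
One way to start the triage suggested above, as an added example that is not part of the original message: list what changed under the document root after a reference time and could have been written by the web server account. The function names, the reference-file approach and the paths in the comments are assumptions; only the account name `www` comes from the message.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: the caller supplies the document root, the account name (or
# numeric uid) and a reference file whose mtime marks the start of the
# window of interest.

# suspects DOCROOT ACCOUNT REF
# Prints regular files under DOCROOT that were modified after REF and that
# ACCOUNT owns or that are world-writable, i.e. files a process running as
# the web server account could have created or altered.
suspects() {
    docroot=$1 account=$2 ref=$3
    find "$docroot" -type f -newer "$ref" \
        \( -user "$account" -o -perm -0002 \) -print 2>/dev/null | sort
}

# writable_dirs DOCROOT ACCOUNT
# Prints directories under DOCROOT where ACCOUNT could drop new files.
writable_dirs() {
    find "$1" -type d \( -user "$2" -o -perm -0002 \) -print 2>/dev/null | sort
}

# Example invocation (timestamp and paths are placeholders):
#   touch -t 200909200000 /tmp/ref
#   suspects /usr/local/www www /tmp/ref
#   writable_dirs /usr/local/www www
```

Anything `suspects` prints is a candidate for review against a known-good copy of the site; an attacker can reset mtimes, so an empty result does not clear the tree.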



