Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th April 2013
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506
Default Compromised Apache binaries load malicious code

From http://h-online.com/-1851442

Researchers at web security firm Sucuri have discovered modified binaries in the open source Apache web server. The binaries will load malicious code or other web content without any user interaction. Only files that were installed using the cPanel administration tool are currently thought to be affected. ESET says that several hundred web servers have been compromised.

The attack has been named Linux/Cdorked.A and is difficult to detect: As cPanel doesn't install the web server through common package managers such as RPM, the verification mechanisms of the package managers won't be any help.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Other SSL CA recently compromised backrow News 0 23rd March 2011 03:46 PM
Savannah software forge compromised J65nko News 0 1st December 2010 04:51 PM
Apache's Atlassian JIRA system compromised J65nko News 1 13th April 2010 10:10 PM
Discovering SSH versions of compromised hosts with nc(1) J65nko General software and network 1 31st December 2009 11:01 AM
Red Hat servers compromised tanked Other BSD and UNIX/UNIX-like 10 25th August 2008 04:41 PM

All times are GMT. The time now is 10:06 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick