|
Hi All, I just wanted to share an experience with you that we just went through. Our Linux WebServer got hacked. It isn't a Linux or Apache thing, but some of the websites on that server use AWSTATS. Apparently, there is a vulnerability in AwStats versions 5.0 to 6.2, and only if you allow updates from the web. In a nut shell, the vulnerability allows the user to execute system commands from an HTTP request. This particular hack reads the Apache config file and finds all the website root directories. It only needs to find a single site to exploit the vulnerability, so even other sites on the machine that do not use AwStats will be affected! It replaces all the index.* files with a series of index files that look like this: http://www.twoguysthinking.com And if that wasn't enough, it then deletes ALL files and directories in that website directory tree that contain the letter combination "log". At first, I thought this meant just deleting the Apache log files, but then I realized any graphics with the word "logo" in the name were gone. Then the real fun began: we host a number of BLOG sites. Any web pages, directories, program files, etc. with the term "blog" in their names were also gone. Needless to say, we had a great time fixing this little problem. To patch the vulnerability, update AwStats to version 6.3 and/or dissallow Update from the web by changing the AwStats config file. If you are not running AwStats or are running it but already do not allow update from the web, then you should not be vulnerable. Joel Cochran http://www.rpgnext.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.