Archive of UserLand's first discussion group, started October 5, 1998.

Re: Walking around amsterdam

Author:Eric Soroos
Posted:5/14/2000; 4:15:09 PM
Topic:Walking around amsterdam
Msg #:17300 (In response to 17298)
Prev/Next:17299 / 17301

As I understand it, the recent hacking of apache.org was due to a default install that had a door open.

That's not quite accurate.

The hack came due to a combination of world writable ftp directories that were in the web server tree and a not secure installation of Bugzilla (a set of perl scripts for tracking bugs that interface with MySql). Bugzilla is apparently difficult to install securely, and as a consequence, MySql was running as root.

The hack vector was (roughly) ftp -> web directory -> php file -> mysql (running as root) -> hacked.

In default red hat installations, there are no world writable ftp directories, and bugzilla and mysql aren't even installed.

eric

ps, the attack explanation is here: From http://www.dataloss.net/papers/how.defaced.apache.org.txt




There are responses to this message:


This page was archived on 6/13/2001; 4:55:12 PM.

© Copyright 1998-2001 UserLand Software, Inc.