[ale] Apache exploit

Based on the analysis from the Malware Must Die Blog and some other things
I've heard about this, it looks like the original source of compromise is
most likely Plesk or cPanel.  Doesn't look like there's any Apache
vulnerability being exploited, so AppArmor around Apache wouldn't mitigate
*this* attack.

On Tue, Apr 2, 2013 at 1:10 PM, Beddingfield, Allen <allen at ua.edu> wrote:

> I was just wondering if any of you had encountered this one/were aware of
> it.  I don't see any references to CVEs or hard details, aside from the
> analysis in the third link.  Maybe it is time to move putting AppArmor
> around Apache on our web servers higher to the top of the to-do list.
> http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/
> https://news.ycombinator.com/item?id=5479812
> http://malwaremustdie.blogspot.com/2013/03/the-evil-came-back-darkleechs-apache.html
> Allen B.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama

David Tomaschik
OpenPGP: 0x5DEA789B
david at systemoverlord.com