Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Webserver being used as a Proxy

Posted on 2004-08-09
2
Medium Priority
?
201 Views
Last Modified: 2010-03-04
One of our Client's has a webserver that runs on Mandrake and is using Apache. I am not a Linux guru but I can navigate my way around. I did figure out that the server was being used as a proxy by looking in the httpd/error_log. There are Proxy errors in there and you can see where someone is trying hack some yahoo logins. Or they are logging in on them.

My situation is that our Linux guru is on the road and will not be available to look at it for several hours. We have shut off the IP's that they were coming in through. So my question is two-fold. One, how do I find out what version of Apache they are using. I am guessing that it was a vulnerability there that is the issue. Two, has anyone else seen this before and do you know what service might be used for the proxy? SSH and HTTP/S were all open.
0
Comment
Question by:kevinlw1974
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 9

Accepted Solution

by:
ronan_40060 earned 2000 total points
ID: 11761603
Hello kevin
In linux  to find out the version of apache that you have installed
go to the bin directory of apche on your OS once your in there
i.i /usr/local/apache/bin
type ./httpd -v

you should see the version of apache installed

good luck
ronan
0
 

Author Comment

by:kevinlw1974
ID: 11763019
Thanks, we were able to track down the issue even further. But you staill answered my question so you get credit :)

The issue is that Mandrake had the mod_perl running with Apache and I guess an Apache vulnerability was exploited. They had a perl proxy running some bots.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question