msibley
asked on
ssl_mod exploit
Hi,
Recently we got the following notice from GoDaddy regarding our virtual server (redhat):
"Our Security Operations Center has been alerted to an issue on your 'DomainName' Virtual Dedicated Server. The server has been compromised through a vulnerability in mod_ssl, which is called through Apache's mod_proxy module. Once the server was exploited it began attacking hosts outside our network."
"We have disabled the mod_proxy module on this virtual server. Please upgrade to the latest version of mod_ssl before re-enabling the mod_proxy modules."
Since then, we are having problems authoring our websites with Frontpage.
What does this mean? Are we foobar? Can we fix this?
Mark
Hi,
What's your distribution? Also, if your machine was compromised I would strongly recommend reinstalling your distribution, as there is probably a rootkit knocking about.
ASKER
Please help a linux novice here.
How do I determine the version of mod_ssl?
When you say "distribution" are you referring to Redhat?
How do I upgrade these packages?
So, you think a hacker gained access to the server beyond exploiting mod_ssl? How can I ascertain if a root kit is present?
Mark
ASKER
I get mod_ssl-2.0.51-2.9.1.swsoft
Can I update the swsoft version with up2date?
Hi,
Yeah, just try:
up2date -u mod_ssl
ASKER
When I enter that command, I get the following response:
bash: up2date: command not found
What version of redhat are you using?
ASKER
Linux 2.4.20-021stab028.3.777-enterprise
with Plesk psa v7.5.4_build75051014.16 os_FedoraCore 2
Ahhh, you're running Fedora Core 2 :) Type this as root:
yum update
That will update all your packages to the latest builds which will resolve all security issues :)
ASKER
guess what?
bash: yum: command not found
> How can I ascertain if a root kit is present?
> That will update .. which will resolve all security issues :)
If your server was compromised and you cannot assure that there is no rootkit, then install your server from scratch.
After installing from scratch, copy your data from a backup medium that you're sure is not compromised; don't copy anything from your current system.
Anything else is insecure.
Try to use real IP other than virtual IP.
BR Dushan
ASKER
So, how do I install yum?
Mark
Upgrade to newest (along with Apache and dependencies like PHP), reinstall your webpage (since the installed one is probably abused).
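
The checks this thread keeps circling (which mod_ssl build is installed, who built it, and which updater exists on the box), as an added example that is not from any poster in the thread. The function names are hypothetical, and the sample package string is the one the asker reported.

```shell
#!/bin/sh
# Added example: read-only triage of an RPM host; function names are illustrative.

# Split "name-version-release". Version and release never contain '-',
# so the last two '-' separated fields are always version and release.
nvr_split() {
    nvr=$1
    release=${nvr##*-}
    rest=${nvr%-*}
    version=${rest##*-}
    name=${rest%-*}
    printf '%s %s %s\n' "$name" "$version" "$release"
}

# Trailing non-numeric part of the release field: names the distro or a
# third-party builder (here "swsoft"); prints "none" if purely numeric.
release_tag() {
    tag=${1##*.}
    case $tag in
        [0-9]*|'') tag=none ;;
    esac
    printf '%s\n' "$tag"
}

# Print the first of the given update tools found on PATH, else "none".
find_updater() {
    for t in "$@"; do
        if command -v "$t" >/dev/null 2>&1; then
            printf '%s\n' "$t"
            return 0
        fi
    done
    printf 'none\n'
}

triage() {
    set -- $(nvr_split "$1")
    echo "package=$1 version=$2 release=$3 tag=$(release_tag "$3")"
    echo "updater=$(find_updater up2date yum)"
}

# Constructed sample: the package string reported in the thread.
triage "mod_ssl-2.0.51-2.9.1.swsoft"

# On a live host: list installed builds, then compare files on disk with
# the RPM database. A clean result proves nothing on a compromised system,
# because the database and the tools themselves may have been altered.
if command -v rpm >/dev/null 2>&1; then
    rpm -q mod_ssl httpd || true
    rpm -V mod_ssl httpd || true
fi
```

An `updater=none` result matches the two "command not found" replies above and means the package has to be replaced through whatever channel supplied it, not through the distribution's updater.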