Apache Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationApache Development
Reload this Page

apache-secruity leaks ---what , how, & why

Discuss apache-secruity leaks ---what , how, & why in the Apache Development forum on Dev Shed.
apache-secruity leaks ---what , how, & why Apache Development forum discussing HTTP Server general topics, configuration, and modules. Apache is an open source web server that runs on multiple platforms.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old July 30th, 2001, 09:16 PM
worldtouch worldtouch is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2001
Location: Milian, Italy
Posts: 357 worldtouch User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 8
Question apache-secruity leaks ---what , how, & why
would folks tell me how, why, what....

apache has security leaks:

someone break into my system, he saw that I have developed from yesterday and these
new-pages at about 1 o'clock are inside a directory protected .htaccess & .htpasswd ( /X/Y/apache)
62.252.128.4 213.104.129.23



why he can do that ??????

I have the evidence!!!! it was well recorded in router log and apache status log and access-log.
he can't just run away.





jenny
Reply With Quote
  #2  
Old July 30th, 2001, 10:45 PM
freebsd freebsd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2001
Posts: 5 freebsd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Start here -> http://www.google.com/search?q=brute-force+htpasswd

Setting MaxKeepAliveRequests and KeepAliveTimeout lower should help a bit.

Don't forget to check this too -> http://www.digital-concepts.net/cgi-iprotect.html
Reply With Quote
  #3  
Old July 31st, 2001, 12:33 AM
worldtouch worldtouch is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2001
Location: Milian, Italy
Posts: 357 worldtouch User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 8
I admitted a simple a simple passwd but...
not not a simple login name (these name are not in english at all)
cracker / hacker may have power passwd cracker program only he knew when login + passwd to work with.



jennifer.
Reply With Quote
  #4  
Old July 31st, 2001, 09:14 AM
freebsd freebsd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2001
Posts: 5 freebsd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Then it was more than likely a password sniffing and you should definitely install SSL on top of Apache.
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationApache Development > apache-secruity leaks ---what , how, & why

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway
Stay green...Green IT