Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Malicious Apache Module Injects Iframes |
|
| Author |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
 Posted: Mon 10 Sep '12 19:56 Post subject: Malicious Apache Module Injects Iframes |
 |
|
Just stumbled over the following:
Malicious Apache Module Injects Iframes | Unmask Parasites
I recommend that you check if all Apache modules on your server are legitimate. A check is that you check it against the download with PGP and/or SHA Checksums. You should also check all modules loaded in httpd.conf and its include files.
Steffen |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 11 Sep '12 2:26 Post subject: |
|
|
Fortunately, like the Slapper, looks to be a *nix thing. The deal with *nix is all that stuff is handled by the distributor since so few compile their own. Since we're talking mod_log.so, mod_security.so (today it's mod_security2.so) I'd think some repositories have been poisoned. The others are obviously from elsewhere, mod_spm_* ones at least would be easier to spot.
I think more info is needed, like how these modules got onto these servers to begin with. |
|
| Back to top |
|
|
|
|
|
|
