Re: [SLUG] Quick Apache question

From: Derek Glidden (dglidden@illusionary.com)
Date: Tue Jun 25 2002 - 11:18:23 EDT


On Tue, 2002-06-25 at 10:50, Bill wrote:
> What could cause Apache to stop running?
>
> I was unable to reach my own site using either its url or ip address so I
> restarted apachectl and now it runs fine. What I want to know is what could
> have killed it to begin with?
>
> What, if anything, would give me a clue in the log files?

This could be related to the recent Apache vulnerability. Look for log
entries like this:

[Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal
        Segmentation fault (11)

in either your Apache or system logfiles. If you see these, that's an
indication that some `1337 ha><0r d00d is trying to r00t your box
through the vulnerability but all he's managing to do is DOS you.

In any case, you should absolutely upgrade to the latest version of
Apache that fixes the bug. You should also seriously consider auditing
your box to make sure that nobody did manage to get in with any sort of
Script Kiddie attack.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \ | extract_mpeg2 | mpeg2dec -

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ http://www.eff.org/ http://www.anti-dmca.org/



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 13:01:21 EDT