RE: [SLUG] apache proxy exploit?

From: Russ Wright (rwrigh10@tampabay.rr.com)
Date: Wed Apr 28 2004 - 14:41:10 EDT


Ian Wrote:

Russ Wright wrote:
>> Excellent! But is there a particular place in httpd.conf that I must place
>> this info or can I just put it right at the top?

>The LIMIT directive can be used in any context, meaning you can put it
>at the top/bottom/inside a vhost directive/wherever.

Okay, I added it inside the virtual host, and now when I tried to restart the
httpd service I got an error:
"Starting httpd: Syntax Error on line 886 of /etc/httpd/conf/httpd.conf:
order not allowed here"
Is there some other option I must set?
I checked the syntax and it is exactly as in the original email.

>>>To test it telnet to <ip> 80
>> Will do

>Do you have mod_proxy enabled for a reason? Are you hosting content, or
>proxying requests to an internal server, or proxying outbound
>connections, or two of the three?

No, not really. Should I just remove it from the list of modules?

> I tried this using nmap and all that is open is 21 (ftp), 80 (http) and 5901
> (vncserver)

>I *strongly* recommend against leaving VNC listening. If you've ever
>looked at the source, you'll understand why - buffer overflows galore.

>Seriously consider binding your vncserver to localhost (127.0.0.1) and
>use VNC over ssh for external protection, authentication, and encryption.

>Also, really consider using SFTP (ftp over ssh) instead of FTP, or some
>other form of transport (WebDAV over SSL via apache works well).

I agree, and I will do this; I'm just going one step at a time. Perhaps I
will call upon you for further assistance as I tighten up the security on
the box.

Regards
Russ
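
[Editor's note, not part of the thread.] The "Order not allowed here" error
above is the expected result of the placement Russ describes: the <Limit>
container itself is legal in server or virtual-host context, but the
Order/Deny/Allow directives inside it are only valid in directory context
(a <Directory>, <Location>, <Proxy> or .htaccess), so Apache rejects them the
moment <Limit> is dropped directly into a <VirtualHost>. The httpd.conf
fragment below is an added example written for this page, not the config
from the original email; the server name, document root and module paths
are assumptions for illustration.

```apache
# Added example (editor's own, not from the thread). Apache 2.0-style
# httpd.conf fragments; ServerName, DocumentRoot and module paths are
# assumed values.

# 1. What produces "Order not allowed here": <Limit> is allowed inside
#    <VirtualHost>, but Order/Deny/Allow need directory context, so this
#    fails the syntax check at startup.
#
# <VirtualHost *:80>
#     ServerName www.example.com
#     <Limit CONNECT>
#         Order deny,allow
#         Deny from all
#     </Limit>
# </VirtualHost>

# 2. The same rule wrapped in a <Location> container loads cleanly.
#    LimitExcept denies every method not listed, which covers CONNECT,
#    TRACE and anything else a proxy-abuse scan tends to send.
<VirtualHost *:80>
    ServerName www.example.com         # assumed name
    DocumentRoot /var/www/html         # assumed path
    <Location />
        <LimitExcept GET POST HEAD>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Location>
</VirtualHost>

# 3. If the box is not meant to proxy anything, the cleanest fix is to
#    not load mod_proxy at all rather than relying on method limits.
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

# 4. If mod_proxy has to stay loaded (for example as a reverse proxy to
#    an internal server), turn forward proxying off explicitly and deny
#    the <Proxy *> context, which is where proxied requests are matched.
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Deny from all
</Proxy>
```

After editing, "apachectl configtest" (or "httpd -t") reports whether the
placement is accepted before the service is restarted. To repeat the telnet
check from earlier in the thread against the reloaded server, connect to
port 80 and send a request with an absolute URI for some other host
("GET http://www.example.com/ HTTP/1.0" followed by a blank line); a server
that is not an open proxy answers with its own content or an error rather
than fetching the foreign page. For the VNC advice quoted above, the
equivalent steps are to start Xvnc/vncserver with its -localhost option so
it only listens on 127.0.0.1, and then reach it through an SSH port forward
such as "ssh -L 5901:127.0.0.1:5901 user@host" (user and host assumed) from
the client side.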

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:59:40 EDT