
Is Apache 1.3.36 really secured?

Discussion in 'EasyApache' started by AlexandreVeezon, Jul 18, 2006.

  1. AlexandreVeezon

    Hello people...

    One more question here.
    Does anybody know about security flaws in Apache 1.3.36?
    Is there a possibility of anyone executing a malicious script on a secured machine through Apache?
    And worse, can anyone replace the index.php of all domains through Apache?

    hehehe

    Questions, questions...
    I have to discover how one hacker has access to the system through Apache.
    And how to block this ;)

    Any help will be appreciated.

    Thank you
     
  2. AndyReed

    Apache is just a software application running on the system. The vast majority of attacks are aimed at the systems themselves. As someone has pointed out,
    "If you have 1GB/s heading for your server then the pipe is going to saturate before Apache even gets a chance to see the packets."

    I suggest you either go to a bookstore or a library in your hometown and find books discussing Apache and security. You can also Google. Here is one site that discusses Apache and security:
    http://www.securitydocs.com/Web_Security/Apache

    This is the $64,000 question. When you find the answer, please post it here. Good luck! :D
     
  3. chirpy

    If it's on all sites on the server it's most likely an exploited php script on the server. You'll have to do some trawling through the domain logs in /usr/local/apache/domlogs to find out which script is to blame.
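
The log trawl suggested above can be narrowed by time: this added example (not part of the thread) counts successful POSTs to PHP scripts within a window around the moment the index files were replaced. The sample log lines, paths, client addresses and incident time are constructed, and the combined log format is assumed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Prefix of Apache common/combined log format: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def php_posts_near(lines, incident, window_minutes=30):
    """Count 2xx POSTs to .php scripts within +/- window_minutes of incident.

    Returns [((script, client_ip), hits), ...], most frequent first.
    """
    window = timedelta(minutes=window_minutes)
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparseable timestamp
        script = m["path"].split("?", 1)[0]  # drop the query string
        if (m["method"] == "POST" and script.lower().endswith(".php")
                and m["status"].startswith("2")
                and abs(ts - incident) <= window):
            hits[(script, m["ip"])] += 1
    return hits.most_common()

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [17/Jul/2006:21:02:11 -0300] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2006:21:40:03 -0300] "POST /images/tmp/x.php?act=ls HTTP/1.1" 200 9312',
    '198.51.100.7 - - [17/Jul/2006:21:41:47 -0300] "POST /images/tmp/x.php HTTP/1.1" 200 8840',
    '192.0.2.10 - - [17/Jul/2006:21:45:00 -0300] "POST /contact.php HTTP/1.1" 200 730',
    '198.51.100.7 - - [17/Jul/2006:09:00:00 -0300] "POST /images/tmp/x.php HTTP/1.1" 404 210',
]
# Assumed incident time, e.g. the mtime of a replaced index.php.
INCIDENT = datetime(2006, 7, 17, 21, 50, tzinfo=timezone(timedelta(hours=-3)))

if __name__ == "__main__":
    for (script, ip), n in php_posts_near(SAMPLE, INCIDENT):
        print(n, ip, script)
```

On a real server, feed it the lines of each per-domain file under /usr/local/apache/domlogs; a script in an upload or image directory that receives POSTs from a single address shortly before the change is the first one to inspect.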
     
  4. AlexandreVeezon

    Thank you, chirpy and AndyReed.

    I'll look at your suggestions and post my work here...
    But now I have to discover the domain that hosts the script, because this attack came from a non-customer ;)

    And AndyReed, if I find the answer, it will cost less than 64,000 :D
     
  5. AlexandreVeezon

    Well, as I said... I'll post my discovery here...

    Well, the problem started because one domain hosts a file called c99.php
    Does anyone know it? C99 Shell... if you search for it on Google, you'll see several links.

    This script lets anyone access the machine easily, including searching files, executing commands such as chmod, touch, ls, cd, and much more.
    This script only works on machines that don't have mod_security installed. In my case, this isn't the problem... the problem... the BIG, big, really big trouble is these lines:

    Code:
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    When inserted in .htaccess, all of mod_security goes down for the domain. :confused:

    So, the new question is:
    How do I make mod_security ignore the .htaccess file that disables it?

    Just one more thing... With c99.php, people upload a file called dc.pl
    limited with chmod 750 /usr/bin/perl

    Well, maybe we can solve all the issues by helping each other hehe
    Thank you!
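
To find which accounts already carry the override quoted in the post above, this added example (not part of the thread) walks a directory tree and reports every .htaccess line that sets `SecFilterEngine` or `SecFilterScanPOST` to Off. The default scan root `/home` is an assumption about where the docroots live.

```python
import os
import re
import sys

# mod_security 1.x directives from the post above, set to Off. Apache
# directive names and On/Off arguments are case-insensitive.
OVERRIDE_RE = re.compile(
    r'^\s*(SecFilterEngine|SecFilterScanPOST)\s+"?Off\b', re.IGNORECASE)

def find_modsec_overrides(root):
    """Walk root and report .htaccess lines that switch filtering off.

    Returns a sorted list of (path, line_number, directive_name).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        try:
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    # Commented-out lines start with '#' and do not match.
                    m = OVERRIDE_RE.match(line)
                    if m:
                        findings.append((path, lineno, m.group(1)))
        except OSError:
            continue  # unreadable file; run as root to cover every account
    return sorted(findings)

if __name__ == "__main__":
    # "/home" is an assumed default, pass another root as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for path, lineno, name in find_modsec_overrides(root):
        print(f"{path}:{lineno}: {name} Off")
```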
     
  6. patryk

    Turn on safe_mode and open_basedir protection to avoid such problems.
     
  7. AlexandreVeezon

    Sure, but it is only one solution...

    The big answer is: "how to make mod_security not be ignored in the .htaccess file" :rolleyes:

    Well... let's wait for more people to give their words ;)
     
  8. pross

    You can compile mod_security with the -DDISABLE_HTACCESS_CONFIG flag which will prevent any users disabling or modifying your mod_security ruleset.

    The answer was already in the forums!
     
  9. AlexandreVeezon

    Yeahhhh!!!

    I'll try! :D

    Thank you!
     
  10. agressor

    And how can I add this -DDISABLE_HTACCESS_CONFIG flag, and where?
     
  11. asterisk

    You can do that by compiling mod_security with that flag.
     