Interesting... let us know what you find.

Sent from my iPhone

> On Jan 4, 2016, at 9:06 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote:
> 
> I don't think index.html was changed, but I only took a quick look.
> I have it backed up in a tgz file, so when the Linux box comes back up
> (maybe tomorrow), I'll take a closer look.
>  
> It is also possible that there was something wrong with httpd.config .
> It is quite complex, with numerous RewriteRule, etc.  However, even
> when I commented out ALL the virtual hosts, the problem persisted.
> But if I left a simple vhost and put a RewriteRule that (for reasons that I
> don't know) it didn't like, then it returned a failure.  When I put it back
> together, I'll build up httpd.config slowly.
>  
> Thanks,
> Mike.
> --
> Michael D. Berger
> m.d.ber...@ieee.org
> http://www.rosemike.net/
>  
> 
> From: Michael D. Wood [mailto:m...@itsecuritypros.org] 
> Sent: Monday, January 04, 2016 20:27
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Possible virus via httpd server
> 
> Was the index.html file modified in any way?  Did it call the executable?
> Any rewrites or any other files added to the path where index.html resided?
> 
> Sent from my iPhone
> 
>> On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote:
>> 
>> It was not overwritten.  If you looked on the server, it was just fine.
>> But an executable was delivered instead.  In any case, it is gone
>> with the wind -- DBAN is now running on the server. Hopefully,
>> the reinstallation will work better.
>>  
>> Mike.
>>  
>> --
>> Michael D. Berger
>> m.d.ber...@ieee.org
>> http://www.rosemike.net/
>>  
>>  
>> 
>> From: Dino B. [mailto:mypascal2...@gmail.com] 
>> Sent: Monday, January 04, 2016 19:36
>> To: users@httpd.apache.org
>> Subject: RE: [users@httpd] Possible virus via httpd server
>> 
>> Hmmm, index.html is just the default page???  Strange that it got
>> overwritten by some executable
>> 
>> --
>> Dino Buljubasic
>> Cell 604 441 3560
>> 
>> Please pardon my brevity - sent from my mobile device.  Please excuse any typos.
>> 
>>> On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote:
>>> Following your suggestion, I made use of my daily backups to install
>>> the httpd.conf from two days ago, when all was well. The problem was
>>> the same.  I tried submitting a file to Sophos, but I would have to
>>> join, and I am not ready for that.  See also my next email.
>>> 
>>> Still heading toward DBAN.
>>> 
>>> Thanks,
>>> Mike.
>>> 
>>> --
>>> Michael D. Berger
>>> m.d.ber...@ieee.org
>>> http://www.rosemike.net/
>>> 
>>> 
>>> > -----Original Message-----
>>> > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk]
>>> > Sent: Monday, January 04, 2016 11:25
>>> > To: users@httpd.apache.org
>>> > Subject: Re: [users@httpd] Possible virus via httpd server
>>> >
>>> > Hi Mike.
>>> >
>>> > You might like to send this to sophos for analysis:
>>> >
>>> > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
>>> >
>>> > As index.html is the default page if nothing else is
>>> > configured, has your httpd.conf file been modified to serve
>>> > this binary file instead of index.html?
>>> >
>>> > HTH,
>>> >
>>> > Keith Roberts
>>> >
>>> > On 4 Jan 2016, at 16:18, Michael D. Berger
>>> > <m.d.ber...@ieee.org> wrote:
>>> >
>>> > > Examining with Lemmy (A Windows version of VI), it looks like a binary file.
>>> > > Size is 181.4 KB.
>>> > > I am considering my favorite virus remover: DBAN, but it would take
>>> > > several days work to recover from that.
>>> > >
>>> > > Mike.
>>> > > --
>>> > > Michael D. Berger
>>> > > m.d.ber...@ieee.org
>>> > > http://www.rosemike.net/
>>> > >
>>> > >
>>> > >> -----Original Message-----
>>> > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk]
>>> > >> Sent: Monday, January 04, 2016 05:03
>>> > >> To: users@httpd.apache.org
>>> > >> Subject: RE: [users@httpd] Possible virus via httpd server
>>> > >>
>>> > >> Well, what do you see if you examine the file in a text editor?
>>> > >>
>>> > >>> -----Original Message-----
>>> > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org]
>>> > >>> Sent: 04 January 2016 05:03
>>> > >>> To: Apache-Users
>>> > >>> Subject: [users@httpd] Possible virus via httpd server
>>> > >>>
>>> > >>> Using my WinXP Firefox client to access my previously working httpd
>>> > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my
>>> > >>> index.html.  Do you think I have a virus on my Linux box?  I did
>>> > >>> notice that my iptables is not as tight as it should be.
>>> > >>>
>>> > >>> --
>>> > >>> Michael D. Berger
>>> > >>> m.d.ber...@ieee.org
>>> > >>> http://www.rosemike.net/
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>>
>>> > >>
>>> > ---------------------------------------------------------------------
>>> > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> > >>> For additional commands, e-mail: users-h...@httpd.apache.org
