On 02/05/2013 12:29, Jess Holle wrote:
> http://blogs.cisco.com/security/linuxcdorked-faqs/ claims this is not a
> cPanel vulnerability per se...

To quote the relevant part of that article:

<quote>
How are attackers gaining access to the host servers?

How the attackers are gaining root access to begin with is a separate matter, still unresolved. Attackers may have stolen login credentials via phishing, or via a localized infection on a management system, or simply by brute-force guessing the login.
</quote>

httpd is simply the vehicle the attackers are using to run their malware *once they already have root access*

There is no Apache http vulnerability to see here. Move along. Move along.

Mark

>
> On 5/2/2013 6:22 AM, Darryl Lewis wrote:
>> "Last Friday (April 26), ESET and Sucuri simultaneously blogged about the
>> discovery of Linux/Cdorked, a backdoor impacting Apache servers running
>> cPanel." -http://blogs.cisco.com/security/linuxcdorked-faqs/
>>
>> So it looks like a cPanel application vulnerability, not an Apache
>> vulnerability. The title of that first article is simply WRONG.
>> And seriously, who manages a site via cPanel? If you use cPanel, maybe
>> linux isn't a good fit for you.
>>
>>
>> On 2/05/13 7:48 PM, "Brian Burch" <br...@pingtoo.com> wrote:
>>
>>> On 02/05/13 09:32, André Warnier wrote:
>>>> M Eashwar wrote:
>>>>> Hi,
>>>>>
>>>>> Anyone attacked with reference to below URL?
>>>>>
>>>>>
>>>>> http://efytimes.com/e1/fullnews.asp?edid=105167&ntype=mor&edate=4/29/2013
>>>>>
>>>> Never heard of "EFYtimes" before, but considering what I have been
>>>> reading lately about bots, I would advise a modicum of caution before
>>>> following this link.
>>>> (And also maybe a modicum of healthy scepticism about that news article
>>>> itself).
>>> This vulnerability applies only to apache httpd and is not relevant to
>>> tomcat.
>>>
>>> ALSO, it only applies to apache httpd when installed via a third-party
>>> automated management system that is reported to not verify the digital
>>> signature of the binary... which would be very negligent.
>>>
>>> You should always verify apache packages against the published
>>> signatures. Although linux distribution rpm and deb packages are
>>> automatically verified during installation, we strongly recommend
>>> installing packages directly from the official apache distribution
>>> servers and then verifying the signature yourself - prior to
>>> installation!
>>>
>>> Regards,
>>>
>>> Brian
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org