[TriLUG] Note to self: Restart Apache after installing openssl updates!
Jeremy Portzer
jeremyp at pobox.com
Sat May 17 15:01:44 EDT 2003
One of my production servers got 0wn3d this morning. I had upgraded the
server OS earlier this week, and immediately applied all the errata.
However, I had apparently forgotten to restart apache after installing the
openssl update. Therefore, a cracker was able to get in using the same
vulnerability as the infamous "slapper" worm. They installed a rootkit,
a trojan'd sshd as a backdoor -- the whole nine yards.
I was able to clean up most of it but will be formatting and reinstalling
as soon as I can schedule some downtime.
Errata are important! And after installing a whole bunch of errata, a
reboot might be a good idea to be sure everything is restarted correctly.
(I really needed to do that to install the updated kernel anyway.)
Regards,
Jeremy
--
/======================================================================\
| Jeremy Portzer jeremyp at pobox.com trilug.org/~jeremy |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 |
\======================================================================/
More information about the TriLUG
mailing list