[TriLUG] Note to self: Restart Apache after installing openssl updates!

Jeremy Portzer jeremyp at pobox.com
Sat May 17 15:01:44 EDT 2003


One of my production servers got 0wn3d this morning.  I had upgraded the 
server OS earlier this week, and immediately applied all the errata.  
However, I had apparently forgotten to restart apache after installing the 
openssl update.  Therefore, a cracker was able to get in using the same 
vulnerability as the infamous "slapper" worm.  They installed a rootkit, 
a trojan'd sshd as a backdoor -- the whole nine yards.

I was able to clean up most of it but will be formatting and reinstalling 
as soon as I can schedule some downtime.

Errata are important!  And after installing a whole bunch of errata, a 
reboot might be a good idea to be sure everything is restarted correctly.  
(I really needed to do that to install the updated kernel anyway.)

Regards,

Jeremy

-- 
/======================================================================\
|  Jeremy Portzer	jeremyp at pobox.com	trilug.org/~jeremy     |
|  GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\======================================================================/
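
Added example (not part of the original message): the situation described above, a running Apache that still has the pre-update OpenSSL library loaded, can be checked for on Linux by looking for shared-library mappings marked "(deleted)" in /proc/<pid>/maps. The function names and the sample maps content are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running code from a shared library whose
# file has been replaced on disk. Linux marks such mappings "(deleted)" in
# /proc/<pid>/maps (format: address perms offset dev inode pathname).

# Print each distinct deleted library path found in one maps file.
# $1 = maps file, $2 = optional regex for the path (default: any .so file).
# Assumes library paths contain no spaces.
stale_libs() {
    awk -v pat="${2:-[.]so}" '
        $NF == "(deleted)" && $6 ~ /^\// && $6 ~ pat && !seen[$6]++ { print $6 }
    ' "$1"
}

# Report pid, command name and stale library for every readable process.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale_libs "$maps" "$1" 2>/dev/null | while read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$lib"
        done
    done
}

# Constructed sample: maps of an httpd process after a library update (not real data).
sample_maps() {
    cat <<'EOF'
08048000-0808f000 r-xp 00000000 03:02 4113 /usr/sbin/httpd
40017000-40045000 r-xp 00000000 03:02 8121 /lib/libssl.so.2 (deleted)
40045000-40048000 rw-p 0002d000 03:02 8121 /lib/libssl.so.2 (deleted)
40048000-40119000 r-xp 00000000 03:02 8122 /lib/libcrypto.so.2 (deleted)
40119000-4012a000 r-xp 00000000 03:02 8130 /lib/libz.so.1
4012a000-4012b000 rw-s 00000000 00:04 0 /SYSV00000000 (deleted)
bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]
EOF
}

# "--scan [regex]" walks the live system; anything else runs the constructed demo.
case "${1:-demo}" in
    --scan) scan_proc "${2:-}" ;;
    *) tmp=$(mktemp); sample_maps > "$tmp"
       stale_libs "$tmp" 'libssl|libcrypto'; rm -f "$tmp" ;;
esac
```

Run with --scan 'libssl|libcrypto' as root after applying updates; any process listed is still executing the old library and needs a restart. Statically linked binaries will not show up in this check.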



