Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Ars Technica: Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Ars Technica: Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too

twaintwain Member
edited May 2013 in General

http://arstechnica.com/security/2013/05/attack-hitting-apache-sites-goes-mainstream-hacks-nginx-lighttpd-too/

Don't want to stir up unneeded paranoia, however, I'd advise, just to be safe, that everyone use rpm --verify on their appropriate webserver binaries/packages...

For Debian/Ubuntu, you can use the debsums command (very nice tool):

For example, to check the integrity of Apache 2.2 on Ubuntu/Debian:

apt-get update && apt-get install debsums

debsums_init --> this updates the md5 db

debsums apache2.2-bin

debsums apache2.2-common

... Every file shows should show "OK". If not, then you should investigate obviously.

For apache, you may want to check more than the above packages, but the above two are minimum check/starting point.

Of course, modify accordingly for nginx/lighttpd etc.

Comments

  • kbeeziekbeezie Member
    edited May 2013

    This the same one that was already fixed in Nginx 1.4.1 and 1.5.0 ?

    Edit: yep was a vulnerability in 1.3.9->1.4.0, but been fixed in 1.4.1 and 1.5.0 yesterday, and far as FreeBSD goes those versions are already committed to the ports.

    I think they're also updated in dotdeb too for debian/ubuntu (and likewise would be updated with the Ubuntu PPA which I'd prefer over dotdeb for nginx).

  • SetsuraSetsura Member

    Thanks for the tip, I checked all my servers with that and they all come back good, and I've noticed no strange activity lately. Good luck to everyone.

  • texteditortexteditor Member

    time for everyone to write our own httpds

  • ChronicChronic Member

    @texteditor said: time for everyone to write our own httpds

    Sounds like a good way to multiply the amount of exploits.

  • kbeeziekbeezie Member

    @Chronic said: Sounds like a good way to multiply the amount of exploits.

    LoL , especially when re-inventing the wheel you're probably going to open yourself up to bout a hundred different exploits that have already been patched up in the popular engines.

    that or just end up with a very secure, but slow-as-shit-buggy-server.

  • IntcsIntcs Member
    edited May 2013

    @kbeezie said: LoL , especially when re-inventing the wheel you're probably going to open yourself up to bout a hundred different exploits that have already been patched up in the popular engines.
    that or just end up with a very secure, but slow-as-shit-buggy-server.

    It's only beneficial to kids copying exploit tutorials and its "how to", they won't get that anymore. But a real attacker will likely have fun choosing an exploit to use :)

  • kbeeziekbeezie Member

    @Intcs said: It's only beneficial to kids copying exploit tutorials and its "how to", they won't get that anymore. But a real attacker will likely have fun choosing an exploit to use :)

    Indeed, Knowing is half the battle.

  • graemepgraemep Member

    I did write my own web server once. Its reasonably fast (given its not in a compiled language), fairly low memory usage (event driven) and easily extensible but it is very short of built in features: static files and TCL scripts only - not even CGI support.

    Probably my biggest waste of time project ever, except that I learned a lot.

Sign In or Register to comment.