You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "H. Carter Harris" <ca...@technettn.net> on 2005/05/12 20:01:04 UTC
[users@httpd] Problem moving websites
I'm trying to move some websites from one host to another. I thought I had
the hosts setup the same but when I try to view the site on the new host I
get the following message:
core-project owned your b0x.. SAVE YOUR BOX....
This sounds horrible.
I've checked vhosts.conf, permissions, etc but I'm not seeing my error. I've
googled for the message but nothing there helped.
I get the same message when I go to the ip address.
Any help would be appreciated.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Problem moving websites
Posted by Nick Kew <ni...@webthing.com>.
>> core-project owned your b0x.. SAVE YOUR BOX....
Forget about the website. Forget about Apache.
Wipe and re-format the disc and reinstall the operating system,
taking proper care of your security.
The above is most likely a bluff: someone just exploited
a dumb script to deface your pages. But unless you *know*
(and can prove) that, the assumption has to be that they
*may* have root access to the server, and it's now a zombie,
ready for them to take control whenever they choose.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Problem moving websites
Posted by Chris Winfield-Blum <ch...@leadingside.com>.
You can try to check your log files and if you have iptables with some
logging setup perhaps there is something in there.
your biggest priority firstly should be to lockdown this system.
is firewall on?
have u disabled unrequired services
are your file permissions set to give access to the wrong people.
Once that is done then I would suggest a reformat. sounds extreme but it
is. it is quite hard for you to really know exactly what the intruder
got into to or what they left behind. they may have left scripts or
other nasties behind that they can use to gain access later.
Chris
H. Carter Harris said the following:
>How would one go about finding out how this system was compromised and how
>to fix it.
>
>I had two other sites that were damaged too.
>
>
>
>-----Original Message-----
>From: H. Carter Harris [mailto:carter-lists@technettn.net]
>Sent: Thursday, May 12, 2005 2:01 PM
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] Problem moving websites
>
>
>It appears that you are correct ... thank you. v 2.0.48
>
>-----Original Message-----
>From: Aman Raheja [mailto:araheja@techquotes.com]
>Sent: Thursday, May 12, 2005 1:14 PM
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] Problem moving websites
>
>
>It is always appreciated to know what apache version you are running and
>on what platform.
>As far as this message - it looks more like an intruder got in the box
>and put up this page, unless it is your default page.
>check the index file in your htdocs - it could be compromised system
>situation.
>Thanks
>Aman Raheja
>
>H. Carter Harris wrote:
>
>
>
>>I'm trying to move some websites from one host to another. I thought I had
>>the hosts setup the same but when I try to view the site on the new host I
>>get the following message:
>>
>>core-project owned your b0x.. SAVE YOUR BOX....
>>
>>This sounds horrible.
>>
>>I've checked vhosts.conf, permissions, etc but I'm not seeing my error.
>>
>>
>I've
>
>
>>googled for the message but nothing there helped.
>>
>>I get the same message when I go to the ip address.
>>
>>Any help would be appreciated.
>>
>>
>>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Problem moving websites
Posted by "H. Carter Harris" <ca...@technettn.net>.
How would one go about finding out how this system was compromised and how
to fix it.
I had two other sites that were damaged too.
-----Original Message-----
From: H. Carter Harris [mailto:carter-lists@technettn.net]
Sent: Thursday, May 12, 2005 2:01 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Problem moving websites
It appears that you are correct ... thank you. v 2.0.48
-----Original Message-----
From: Aman Raheja [mailto:araheja@techquotes.com]
Sent: Thursday, May 12, 2005 1:14 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Problem moving websites
It is always appreciated to know what apache version you are running and
on what platform.
As far as this message - it looks more like an intruder got in the box
and put up this page, unless it is your default page.
check the index file in your htdocs - it could be compromised system
situation.
Thanks
Aman Raheja
H. Carter Harris wrote:
>I'm trying to move some websites from one host to another. I thought I had
>the hosts setup the same but when I try to view the site on the new host I
>get the following message:
>
>core-project owned your b0x.. SAVE YOUR BOX....
>
>This sounds horrible.
>
>I've checked vhosts.conf, permissions, etc but I'm not seeing my error.
I've
>googled for the message but nothing there helped.
>
>I get the same message when I go to the ip address.
>
>Any help would be appreciated.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Problem moving websites
Posted by "H. Carter Harris" <ca...@technettn.net>.
It appears that you are correct ... thank you. v 2.0.48
-----Original Message-----
From: Aman Raheja [mailto:araheja@techquotes.com]
Sent: Thursday, May 12, 2005 1:14 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Problem moving websites
It is always appreciated to know what apache version you are running and
on what platform.
As far as this message - it looks more like an intruder got in the box
and put up this page, unless it is your default page.
check the index file in your htdocs - it could be compromised system
situation.
Thanks
Aman Raheja
H. Carter Harris wrote:
>I'm trying to move some websites from one host to another. I thought I had
>the hosts setup the same but when I try to view the site on the new host I
>get the following message:
>
>core-project owned your b0x.. SAVE YOUR BOX....
>
>This sounds horrible.
>
>I've checked vhosts.conf, permissions, etc but I'm not seeing my error.
I've
>googled for the message but nothing there helped.
>
>I get the same message when I go to the ip address.
>
>Any help would be appreciated.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Problem moving websites
Posted by Aman Raheja <ar...@techquotes.com>.
It is always appreciated to know what apache version you are running and
on what platform.
As far as this message - it looks more like an intruder got in the box
and put up this page, unless it is your default page.
check the index file in your htdocs - it could be compromised system
situation.
Thanks
Aman Raheja
H. Carter Harris wrote:
>I'm trying to move some websites from one host to another. I thought I had
>the hosts setup the same but when I try to view the site on the new host I
>get the following message:
>
>core-project owned your b0x.. SAVE YOUR BOX....
>
>This sounds horrible.
>
>I've checked vhosts.conf, permissions, etc but I'm not seeing my error. I've
>googled for the message but nothing there helped.
>
>I get the same message when I go to the ip address.
>
>Any help would be appreciated.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org