Posted to users@httpd.apache.org by "Michael D. Berger" <m....@ieee.org> on 2016/01/04 06:02:56 UTC
[users@httpd] Possible virus via httpd server
Using my WinXP Firefox client to access my previously working httpd 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my index.html. Do you think I have a virus on my Linux box? I did notice that my iptables is not as tight as it should be.
--
Michael D. Berger
m.d.berger@ieee.org
http://www.rosemike.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Possible virus via httpd server
Posted by Daniel Beardsmore <da...@trustnetworks.co.uk>.
If the file begins "MZ" (the MS-DOS stub found at the start of Windows executables) then it's very likely to be a Windows program intended for execution, which would be bad news.
It's interesting that you say "index.html" -- does this server serve all static pages, or does index.html reference a CMS that could have vulnerabilities?
> -----Original Message-----
> From: Michael D. Berger [mailto:m.d.berger@ieee.org]
> Sent: 04 January 2016 16:18
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Possible virus via httpd server
>
> Examining with Lemmy (A Windows version of VI), it looks like a binary file.
> Size is 181.4 KB.
> I am considering my favorite virus remover: DBAN, but it would take several days' work to recover from that.
>
> Mike.
> --
> Michael D. Berger
> m.d.berger@ieee.org
> http://www.rosemike.net/
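Added example, not part of the original thread: a first-pass version of the "MZ" check described in the reply above. It goes slightly beyond that reply by following the MZ header's offset field to the "PE" signature and by recognising a few other well-known leading signatures (ELF, gzip, ZIP, HTML). The function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Well-known leading-byte signatures, checked in order after the MZ test.
SIGNATURES = [
    (b"\x7fELF", "ELF executable"),
    (b"\x1f\x8b", "gzip-compressed data"),
    (b"PK\x03\x04", "ZIP archive"),
]

def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    # An offset past the bytes we hold yields an empty slice, so this is False.
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def classify(data: bytes) -> str:
    """Label a downloaded file from its leading bytes (triage only, not a verdict)."""
    if data[:2] == b"MZ":
        return "Windows PE executable" if is_pe(data) else "MZ without PE signature"
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "HTML text"
    return "unknown"

def classify_file(path: str) -> str:
    # 4 KiB is enough for the header; the file is read, never executed.
    with open(path, "rb") as fh:
        return classify(fh.read(4096))

def sample_pe() -> bytes:
    """Constructed sample: a minimal MZ stub pointing at a PE signature."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)
    return bytes(stub) + b"PE\x00\x00" + bytes(20)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, "->", classify_file(path))
```

Run it with the path of the downloaded file as the argument; an "unknown" result only means none of these signatures matched.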
RE: [users@httpd] Possible virus via httpd server
Posted by Daniel Beardsmore <da...@trustnetworks.co.uk>.
Well, what do you see if you examine the file in a text editor?
> -----Original Message-----
> From: Michael D. Berger [mailto:m.d.berger@ieee.org]
> Sent: 04 January 2016 05:03
> To: Apache-Users
> Subject: [users@httpd] Possible virus via httpd server
>
> Using my WinXP Firefox client to access my previously working httpd 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my index.html. Do you think I have a virus on my Linux box? I did notice that my iptables is not as tight as it should be.
>
> --
> Michael D. Berger
> m.d.berger@ieee.org
> http://www.rosemike.net/