Found, a new rootkit

Edward Krack ekrack at sigecom.net
Tue Apr 4 01:43:13 UTC 2006


Gene Heskett:

> In doing some checking of a web server, we found an irc port open on
> 31377, one of the black hatters favorites.  A port that portsentry was
> supposed to be rejecting but wasn't.

Why would your web server be write-able?

Configure Secure Defaults:

<Directory />
        Order Deny,Allow
        Deny from all
</Directory>
<Directory /path/to/html/docs>
        Order Allow,Deny
        Allow from all
</Directory>

Just my 2 cents.

Krack









More information about the users mailing list