compromised apache2?

Yuelin Li liy12 at mskcc.org
Wed Dec 26 01:36:43 UTC 2007


Found a solution.  It appears to be a denial of service attack.
See http://ubuntu-help.info/

Yuelin.


-- Yuelin Li wrote --|Tue (Dec/25/2007)[06:02]|--:
   I have noticed unexpected tcp connections whenever I start
   /etc/init.d/apache2 (see netsstat output below).  These connections
   appear in a couple of minutes, first the top two entries, then four
   and stay at four.  I am not running any other web-related utilities,
   no firefox.  I can't explain why I see them. These connections go away
   almost immediately when I stop apache2. 
   
   My questions are: 1) is my apache2 installation compromised?  and 2)
   if so, how should I remediate it?  Many thanks in advance,
   
   Yuelin.
   
   % netstat -atu
   Active Internet connections (servers and established)
   Proto Recv-Q Send-Q Local Address           Foreign Address         State      
   tcp        0      0 *:www                   *:*                     LISTEN     
   tcp        0      0 sky.local:www           91-110-14-210.server:96 SYN_RECV   
   tcp        0      0 sky.local:www           91-110-14-210.serve:www SYN_RECV   
   tcp        0      0 sky.local:www           91-110-14-210.serve:216 SYN_RECV   
   tcp        0      0 sky.local:www           91-110-14-210.serve:236 SYN_RECV   
   tcp        0      0 localhost:ipp           *:*                     LISTEN     
   tcp6       0      0 *:ssh                   *:*                     LISTEN     
   
    
        =====================================================================
        
        Please note that this e-mail and any files transmitted with it may be 
        privileged, confidential, and protected from disclosure under 
        applicable law. If the reader of this message is not the intended 
        recipient, or an employee or agent responsible for delivering this 
        message to the intended recipient, you are hereby notified that any 
        reading, dissemination, distribution, copying, or other use of this 
        communication or any of its attachments is strictly prohibited.  If 
        you have received this communication in error, please notify the 
        sender immediately by replying to this message and deleting this 
        message, any attachments, and all copies and backups from your 
        computer.
   
   
   -- 
   ubuntu-users mailing list
   ubuntu-users at lists.ubuntu.com
   Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
   





More information about the ubuntu-users mailing list