• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Linux Lupper.Worm In the WIld

erhnam

Basic Pleskian
As you already know there's a new worm.. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed."

I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:

# rm -f /tmp/lupii
# touch /tmp/lupii
# chown root: /tmp/lupii
# chmod go-rx /tmp/lupii

(i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
 
What about adding 'chattr +i /tmp/lupii' this would prevent the file from being overwritten by a root user, until it is made mutable again. Also use chmod to remove the write bit.
 
Back
Top