• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Linux Lupper.Worm In the WIld

E

erhnam

Basic Pleskian
As you already know there's a new worm.. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed."

I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:

# rm -f /tmp/lupii
# touch /tmp/lupii
# chown root: /tmp/lupii
# chmod go-rx /tmp/lupii

(i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
 
What about adding 'chattr +i /tmp/lupii' this would prevent the file from being overwritten by a root user, until it is made mutable again. Also use chmod to remove the write bit.
 
You must log in or register to reply here.

Similar threads

D
Issue Error installing mailman3
Replies
0
Views
650
DBardaji
D
DaniëlB1990
Resolved Unable to SFTP (due to?) & Incorrect chown/chmod rights
Replies
2
Views
2K
DaniëlB1990
DaniëlB1990
M
Help reverting changes due to exploit
Replies
1
Views
2K
matteosistisette
M
LinqLOL
Do not disable Selinux: Tips and tricks!
Replies
0
Views
3K
LinqLOL
LinqLOL
M
Contribution How to install (D)DoS Deflate and APF (Advanced Policy Firewall) to block bad IPs
2
Replies
20
Views
30K
costasias81
C
Back
Top