• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Linux Lupper.Worm In the WIld

E

erhnam

Basic Pleskian
As you already know there's a new worm.. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed."

I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:

# rm -f /tmp/lupii
# touch /tmp/lupii
# chown root: /tmp/lupii
# chmod go-rx /tmp/lupii

(i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
 
What about adding 'chattr +i /tmp/lupii' this would prevent the file from being overwritten by a root user, until it is made mutable again. Also use chmod to remove the write bit.
 
You must log in or register to reply here.

Similar threads

DaniëlB1990
Resolved Unable to SFTP (due to?) & Incorrect chown/chmod rights
Replies
2
Views
2K
DaniëlB1990
DaniëlB1990
M
Help reverting changes due to exploit
Replies
1
Views
2K
matteosistisette
M
LinqLOL
Do not disable Selinux: Tips and tricks!
Replies
0
Views
3K
LinqLOL
LinqLOL
M
Contribution How to install (D)DoS Deflate and APF (Advanced Policy Firewall) to block bad IPs
2
Replies
20
Views
28K
costasias81
C
P
How To: Full Automation for your Slave DNS zone file
Replies
3
Views
6K
Superkikim
S
Back
Top