1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Linux Lupper.Worm In the WIld

Discussion in 'Plesk for Linux - 8.x and Older' started by erhnam, Nov 8, 2005.

  1. erhnam

    erhnam Basic Pleskian

    Oct 26, 2003
    Likes Received:
    As you already know there's a new worm.. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed."

    I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:

    # rm -f /tmp/lupii
    # touch /tmp/lupii
    # chown root: /tmp/lupii
    # chmod go-rx /tmp/lupii

    (i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
  2. ShadowMan@

    ShadowMan@ Guest

    What about adding 'chattr +i /tmp/lupii' this would prevent the file from being overwritten by a root user, until it is made mutable again. Also use chmod to remove the write bit.