Facebook
TwitterAs you already know there's a new worm.. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed."
I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:
# rm -f /tmp/lupii
# touch /tmp/lupii
# chown root: /tmp/lupii
# chmod go-rx /tmp/lupii
(i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:
# rm -f /tmp/lupii
# touch /tmp/lupii
# chown root: /tmp/lupii
# chmod go-rx /tmp/lupii
(i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
