Thread: ssl slapper for linux
09-18-2002, 04:44 PM #1 Newbie
- Join Date
- Sep 2002
- Atlanta, GA United States
ssl slapper for linux
Just wanted to let everyone know, if they haven't heard already, there is a worm that is infecting Linux Servers running Apache with OpenSSL enabled.
Here is a brief educational rundown of what to do to get rid of it.
To detect the presence of the "Slapper" Worm/Trojan, look first in /tmp for files that have the string "bugtraq" as part of the name. You may find any of the following:
Delete them. It would also be wise to log in as root and do:
find / -name \*bugtraq\* -print
to see if any other files are hidden down your directory chain. Determine if you know what they are or not and move/remove them as you see fit.
Lastly, do a:
ps -ax | grep bugtraq
to look for any processes currently running. If you find them, kill them immediately. A reboot wouldn't hurt, if you can spare the time.
If you do not need SSL for your web server, turn it off. On one of our systems, we are running Redhat 7.3 and just edited the section in /etc/httpd/conf/httpd.conf which reads:
# General setup for the virtual host
#ServerAdmin [email protected]ess
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
...and set SSLEngine off
Before we did that, we saw that slapper-thingie appear another time or two. Now, it's clean and not getting dumped on (so to speak).
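The checks from the post above, collected into one script as an added example (not part of the original post and not written by its author). The function names and the file name check.sh are assumptions for illustration; the pattern '[b]ugtraq' is used in place of a plain "grep bugtraq" so that the grep process does not match its own command line.

```shell
#!/bin/sh
# Added example: consolidated check for "bugtraq" files, processes and SSLEngine.

# List files under $1 whose name contains "bugtraq". find's -name also
# matches dot-files, which a plain `ls /tmp` would not show.
find_bugtraq_files() {
    find "$1" -xdev -name '*bugtraq*' -print 2>/dev/null
}

# Filter `ps -ax` output on stdin for matching processes. The [b] bracket
# keeps the grep process from matching its own command line.
filter_bugtraq_procs() {
    grep '[b]ugtraq' || true
}

# Succeed if the given httpd.conf has an active (uncommented) "SSLEngine on".
ssl_engine_on() {
    grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on([[:space:]]|$)' "$1"
}

# Usage: slapper_check ROOT HTTPD_CONF ; returns 1 if anything needs attention.
slapper_check() {
    root=$1 conf=$2 status=0
    files=$(find_bugtraq_files "$root")
    procs=$(ps -ax | filter_bugtraq_procs)
    if [ -n "$files" ]; then
        printf 'Files with "bugtraq" in the name:\n%s\n' "$files"; status=1
    fi
    if [ -n "$procs" ]; then
        printf 'Running processes:\n%s\n' "$procs"; status=1
    fi
    if [ -f "$conf" ] && ssl_engine_on "$conf"; then
        printf 'SSLEngine is still on in %s (turn off if SSL is not needed)\n' "$conf"
        status=1
    fi
    return $status
}

# Runs only when called with arguments, e.g. as root:
#   sh check.sh / /etc/httpd/conf/httpd.conf
if [ $# -ge 2 ]; then
    slapper_check "$1" "$2"
fi
```

A non-zero exit status means at least one of the three checks reported something to review; the script only reports and leaves deleting files and killing processes to the administrator.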
09-18-2002, 05:01 PM #2 Web Hosting Master
- Join Date
- Feb 2002
Btw, servers running cpanel have OpenSSL v0.9.6b, which is exploitable by this "slapper". It is safe to use openssl v.0.9.6d or newer. Sounds like cpanel is not going to update them.
Powered by AMD & FreeBSD.
"Documentation is like sex:
when it is good, it is very, very good;
and when it is bad, it is better than nothing."