Results 1 to 2 of 2
  1. #1
    Join Date
    Sep 2002
    Atlanta, GA United States

    * ssl slapper for linux

    Just wanted to let everyone know, if they haven't heard already, there is a worm that is infecting Linux Servers running Apache with OpenSSL enabled.

    here is a brief education rundown of what to do to get rid of it.

    To detect the presence of the "Slapper" Worm/Trojan, look first in /tmp for files that have the string "bugtraq" as part of the name. You may find any of the following:


    Delete them. It would also be wise to log in as root and do:

    find / -name \*bugtraq\* -print

    to see if any other files are hidden down your directory chain. Determine if you know what they are or not and move/remove them as you see fit.

    Lastly, do a:

    ps -ax | grep bugtraq

    to look for any processes currently running. If you find them, kill them immediately. A reboot wouldn't hurt, if you can spare the time.

    If you do not need SSL for your web server, turn it off. On one of our systems, we are running Redhat 7.3 and just edited the section in /etc/httpd/conf/httpd.conf which reads:

    ---BEGIN PASTE---
    <VirtualHost _default_:443>

    # General setup for the virtual host
    #DocumentRoot "/etc/httpd/htdocs"
    #ServerAdmin [email protected]ess
    ErrorLog logs/error_log
    TransferLog logs/access_log

    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    ---END PASTE---

    ...and set SSLEngine off

    Before we did that, we saw that slapper-thingie appear another time or two. Now, it's clean and not getting dumped on (so to speak).

  2. #2
    btw, servers running cpanel have OpenSSL v0.9.6b, which is exploitable by this "slapper", it is safe to use openssl v.0.9.6d or newer, sounds like cpanel is not going to update them
    Powered by AMD & FreeBSD.
    "Documentation is like sex:
    when it is good, it is very, very good;
    and when it is bad, it is better than nothing."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts