  1. #1

    web server has been hacked

    Hi Everybody,

    My webserver has been hacked.
    I checked with nikto; it gave the following.

    [root@shanker nikto-1.35]# ./ -h <my_ip>
    - Nikto 1.35/1.34 -
    + Target IP: <my_ip>
    + Target Hostname: <my_ip>
    + Target Port: 80
    + Start Time: Tue Nov 28 19:14:14 2006
    - Scan is dependent on "Server" string which can be faked, use -g to override
    + Server: Apache/2.0.54 (Fedora)
    + HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
    + 2.0.54 (Fedora) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
    + / - TRACE option appears to allow XSS or credential theft. See for details (TRACE)
    + /scripts - Redirects to http://<my_ip>/scripts/ , Remote scripts directory is browsable.
    + /webmail/ - Redirects to src/login.php , Web based mail package installed.
    + /access-log - Just found this log file... (GET)
    + /logs/access_log - Just found this log... (GET)
    + /scripts/login.cgi - This might be interesting... (GET)
    + /webmail/src/read_body.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + 2563 items checked - 5 item(s) found on remote host(s)
    + End Time: Tue Nov 28 20:44:54 2006 (5440 seconds)
    + 1 host(s) tested

    Please tell me if any vulnerabilities are there on my server.
    Please suggest any Apache web server hardening tools.

    Thanks in advance,

  2. #2
    sin@evilson

    Your Server was hacked?

    This is not evidence that your server was actually hacked. Your forensics should not be based on the output provided by a single script. Start by reading
    Develop other methods of researching your servers and securing them. Become intimate with your software and environment, and then you will be using "...the Force, Luke".
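
The TRACE, browsable `/scripts` and exposed-log lines in the scan output above each map to Apache configuration; the fragment below is an added example, not part of either post, and its filesystem path is a placeholder. The `TraceEnable` directive exists upstream only from Apache 2.0.55, so for the 2.0.54 banner shown in the scan the `mod_rewrite` rule is given as the active form (assumes `mod_rewrite` is loaded).

```apache
# Added example: directives for the findings in the nikto report above.
# Assumes mod_rewrite is loaded; /path/to/docroot/scripts is a placeholder.

# TRACE: reject the method with 403. Rewrite rules are not inherited by
# <VirtualHost> blocks by default, so repeat these three lines in each vhost.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE$
RewriteRule .* - [F]

# On Apache 2.0.55 or later the single directive below replaces the rule above.
# TraceEnable off

# /scripts: stop automatic directory listings.
<Directory "/path/to/docroot/scripts">
    Options -Indexes
</Directory>

# /access-log and /logs/access_log: refuse requests for log files
# (Apache 2.0 access-control syntax).
<LocationMatch "^/(access-log|logs/access_log)$">
    Order deny,allow
    Deny from all
</LocationMatch>
```

After reloading Apache, `curl -i -X TRACE http://<my_ip>/` should return 403, and requests for the two log paths should no longer return their contents.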
