- 11-29-2006 #1 Linux Newbie (Join Date: Jul 2004, Posts: 143)
web server has been hacked
Hi Everybody,
My webserver has been hacked.
I checked with nikto, and it gave the following.
[root@shanker nikto-1.35]# ./nikto.pl -h <my_ip>
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: <my_ip>
+ Target Hostname: <my_ip>
+ Target Port: 80
+ Start Time: Tue Nov 28 19:14:14 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/2.0.54 (Fedora)
+ Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ 2.0.54 (Fedora) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-...per_screen.pdf for details (TRACE)
+ /scripts - Redirects to http://<my_ip>/scripts/ , Remote scripts directory is browsable.
+ /webmail/ - Redirects to src/login.php , Web based mail package installed.
+ /access-log - Just found this log file... (GET)
+ /logs/access_log - Just found this log... (GET)
+ /scripts/login.cgi - This might be interesting... (GET)
+ /webmail/src/read_body.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 5 item(s) found on remote host(s)
+ End Time: Tue Nov 28 20:44:54 2006 (5440 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Please tell me if there are any vulnerabilities on my server.
Please suggest any Apache webserver hardening tools.
Thanks in advance,
Mummaneni.
- 11-29-2006 #2
Your Server was hacked?
This is not evidence that your server was actually hacked. Your forensics should not be based on the output provided by a single script. Start by reading http://www.informit.com/guides/conte...eqNum=107&rl=1
Develop other methods of researching your servers and securing them. Become intimate with your software and environment and then you will be using "...the Force Luke".


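Added example, not part of either post: a small Python triage of the Nikto 1.35 text report quoted in the first post, sorting each finding into what an administrator should verify on the server itself. The category labels, the matching heuristics and the `REPORT` sample (lines copied from that post) are this example's own assumptions; as the reply says, these findings describe exposure and are not evidence of a compromise.

```python
import re

# Constructed sample: lines copied from the Nikto report in the first post.
REPORT = """\
+ Server: Apache/2.0.54 (Fedora)
+ Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
+ 2.0.54 (Fedora) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
+ /scripts - Redirects to http://<my_ip>/scripts/ , Remote scripts directory is browsable.
+ /access-log - Just found this log file... (GET)
+ /logs/access_log - Just found this log... (GET)
+ /scripts/login.cgi - This might be interesting... (GET)
"""

FINDING = re.compile(r"^\+ (?P<key>.+?) - (?P<msg>.+)$")

def parse_report(text):
    """Split a Nikto 1.x text report into banner, allowed methods and findings."""
    report = {"server": None, "methods": [], "findings": []}
    for line in text.splitlines():
        if line.startswith("+ Server: "):
            report["server"] = line[len("+ Server: "):].strip()
        elif line.startswith("+ Allowed HTTP Methods: "):
            report["methods"] = line.split(": ", 1)[1].strip().split(",")
        elif (m := FINDING.match(line)):
            report["findings"].append((m["key"], m["msg"]))
    return report

def triage(report):
    """Label each item with what to verify; the labels are this example's own."""
    out = []
    if "TRACE" in report["methods"]:
        out.append(("disable-method", "TRACE"))
    banner = (report["server"] or "").lower()
    for key, msg in report["findings"]:
        if not key.startswith("/"):
            # Version-keyed check: does the banner name the product in the message?
            product = msg.split()[0].lower()
            label = "version-match" if product in banner else "unconfirmed-other-product"
        elif "found this log" in msg.lower():
            label = "exposed-log"
        elif "browsable" in msg.lower():
            label = "directory-listing"
        else:
            label = "review-manually"
        out.append((label, key))
    return out

if __name__ == "__main__":
    print(*triage(parse_report(REPORT)), sep="\n")
```

Each label is a prompt to check the server's own configuration and logs, which is where any real forensic conclusion has to come from.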
