Find the answer to your Linux question:
Results 1 to 2 of 2
Hi Everybody, My webserver has been hacked. I checked with the nikto, it gave the following. [root@shanker nikto-1.35]# ./nikto.pl -h <my_ip> --------------------------------------------------------------------------- - Nikto 1.35/1.34 - www.cirt.net + Target IP: ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    Jul 2004
    Posts
    143

    web server has been hacked


    Hi Everybody,

    My webserver has been hacked.
    I checked with the nikto, it gave the following.

    [root@shanker nikto-1.35]# ./nikto.pl -h <my_ip>
    ---------------------------------------------------------------------------
    - Nikto 1.35/1.34 - www.cirt.net
    + Target IP: <my_ip>
    + Target Hostname: <my_ip>
    + Target Port: 80
    + Start Time: Tue Nov 28 19:14:14 2006
    ---------------------------------------------------------------------------
    - Scan is dependent on "Server" string which can be faked, use -g to override
    + Server: Apache/2.0.54 (Fedora)
    + Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
    + HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
    + 2.0.54 (Fedora) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
    + / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-...per_screen.pdf for details (TRACE)
    + /scripts - Redirects to http://<my_ip>/scripts/ , Remote scripts directory is browsable.
    + /webmail/ - Redirects to src/login.php , Web based mail package installed.
    + /access-log - Just found this log file... (GET)
    + /logs/access_log - Just found this log... (GET)
    + /scripts/login.cgi - This might be interesting... (GET)
    + /webmail/src/read_body.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + 2563 items checked - 5 item(s) found on remote host(s)
    + End Time: Tue Nov 28 20:44:54 2006 (5440 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested

    Please tell me if any vulnerabilites are there on my server.
    Please suggest any apache webserver hardening tools

    Thanks Inadvance,
    Mummaneni.

  2. #2
    Just Joined! sin@evilson's Avatar
    Join Date
    Nov 2006
    Location
    So California
    Posts
    9

    Your Server was hacked?

    This is not evidence that your server was actually hacked. Your forensics should not be based on the output provided by a single script. Start by reading http://www.informit.com/guides/conte...eqNum=107&rl=1
    Develop other methods of researching your servers and securing them. Become intimate with your software and environment and then you will using "...the Force Luke".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •