Welcome to WebmasterWorld Guest from 54.225.58.238

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Apache security alert

     
12:43 pm on Jun 21, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 3, 2001
posts:1609
votes: 0

7:16 am on June 22, 2002 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 28, 2001
posts:97
votes: 0


I saw WebMasterWorld has already patched up their Apache to 1.3.26... And if you are an Apache user, you too should get the update. Here's the same news item from SecurityFocus.

[online.securityfocus.com ]

According to the article, they have already demonstrated how to get a shell prompt on an unpatched OpenBSD box. Sooner or later there will be Linux, Solaris and other variants floating around the net, waiting to be used by the script kiddies. I've patched all my boxes last night (RedHat and Mandrake). Love urpmi from Mandrake :)

7:41 pm on June 23, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 17, 2000
posts:2924
votes: 0


I just did the upgrade. I alway compile apache from source, this way I get exactly the modules I need and nothing extra.

The Apache foundation is truly a class act. It took them only 24 little hours to get the patch out.

7:58 pm on June 23, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 17, 2002
posts:1186
votes: 5


is it possible to upgrade apache using webmin?

If not, how do I upgrade to the latest version?

8:49 pm on June 23, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 17, 2000
posts:2924
votes: 0


I think you are going to have to get shell access to upgrade Apache. The 'Hows' of the process will depend on how you have it set up now. If you have an RPM based server you probably would want to go that way again so all your webmin hooks keep working.

You would upload all the new apache rpms into a folder and then just go:
rpm -Uhv *.rpm

If this is all new to you, you better get some help though.

11:15 pm on June 23, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 17, 2002
posts:1186
votes: 5


Ok, I got a debian system and have a webmin control panel.

I have used webmin to upgrade some packages but it didnt do apache or PHP.

I guess the apache upgrade is important but I'd also like to upgrade to the latest PHP.

So can I do this with webmin?

9:41 pm on June 24, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 17, 2002
posts:1186
votes: 5


I worked it out guys.

needed to do a apt-get install apache

Man, that is so sweet. Why can't windows updates be so easy?

9:46 pm on June 24, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 5, 2001
posts:2724
votes: 1


(: So many people I know are getting attacked by that new form of DoS. I fixed mine a few days ago :) heheeh its neat how it brings the computer to its knees.