Welcome to WebmasterWorld Guest from 54.221.87.97

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Apache security alert

     

john316

12:43 pm on Jun 21, 2002 (gmt 0)

scotty

7:16 am on Jun 22, 2002 (gmt 0)

10+ Year Member



I saw WebMasterWorld has already patched up their Apache to 1.3.26... And if you are an Apache user, you too should get the update. Here's the same news item from SecurityFocus.

[online.securityfocus.com ]

According to the article, they have already demonstrated how to get a shell prompt on an unpatched OpenBSD box. Sooner or later there will be Linux, Solaris and other variants floating around the net, waiting to be used by the script kiddies. I've patched all my boxes last night (RedHat and Mandrake). Love urpmi from Mandrake :)

littleman

7:41 pm on Jun 23, 2002 (gmt 0)

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I just did the upgrade. I alway compile apache from source, this way I get exactly the modules I need and nothing extra.

The Apache foundation is truly a class act. It took them only 24 little hours to get the patch out.

Frank_Rizzo

7:58 pm on Jun 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



is it possible to upgrade apache using webmin?

If not, how do I upgrade to the latest version?

littleman

8:49 pm on Jun 23, 2002 (gmt 0)

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I think you are going to have to get shell access to upgrade Apache. The 'Hows' of the process will depend on how you have it set up now. If you have an RPM based server you probably would want to go that way again so all your webmin hooks keep working.

You would upload all the new apache rpms into a folder and then just go:
rpm -Uhv *.rpm

If this is all new to you, you better get some help though.

Frank_Rizzo

11:15 pm on Jun 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok, I got a debian system and have a webmin control panel.

I have used webmin to upgrade some packages but it didnt do apache or PHP.

I guess the apache upgrade is important but I'd also like to upgrade to the latest PHP.

So can I do this with webmin?

Frank_Rizzo

9:41 pm on Jun 24, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I worked it out guys.

needed to do a apt-get install apache

Man, that is so sweet. Why can't windows updates be so easy?

EliteWeb

9:46 pm on Jun 24, 2002 (gmt 0)

WebmasterWorld Senior Member eliteweb is a WebmasterWorld Top Contributor of All Time 10+ Year Member



(: So many people I know are getting attacked by that new form of DoS. I fixed mine a few days ago :) heheeh its neat how it brings the computer to its knees.