What is the delivery method....???

Story: Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, tooTotal Replies: 7
Author Content

May 09, 2013
6:25 PM EDT
Does anyone know the delivery method, how apache, nginx and lighttpd running on *nix servers are falling prey to this exploit? :-o

May 09, 2013
7:27 PM EDT
From the article:

Quoting:Researchers still don't know how servers are being infected with Cdorked. Because compromised machines are running a variety of administration controls, cPanel and competing software aren't obvious suspects. Cdorked doesn't have the ability to spread by itself and doesn't exploit a vulnerability in any other specific piece of software, either.


May 10, 2013
8:58 AM EDT
This seems like the kind of exploit (at the server side) that would be greatly hindered by SELinux style enhanced separations.

It's also very interesting to note that, while those infected do not know how (yet) it was done, it's been done to a relatively few. This tells me that it isn't easy to do.

May 10, 2013
3:06 PM EDT
Quoting:his seems like the kind of exploit (at the server side) that would be greatly hindered by SELinux style enhanced separations.
Agreed. I still haven't figured out why so many sysadmins fight SELinux. It's not hard at all to craft a policy and get it setup.

May 11, 2013
10:21 AM EDT
@caitlyn, SELinux may now be in a usable state, but the initial implementation was Byzantine, to say the least. It left a bad taste in many mouths, even if it did work as advertised.

Much the same history as KDE4's desktop paradigm.

May 15, 2013
11:36 AM EDT
gus3, this time we'll disagree. I had to write a whitepaper on SELinux back when it was a separate distro and have followed it ever since. It's always worked well and once you understood the logic behind it the way things worked really did make sense. Having said all of that, it is a lot easier to administer today.

May 15, 2013
6:42 PM EDT
Okay, then it was the doc writers' fault for putting out such poorly-explained techniques. Did you publish it somewhere public?

May 17, 2013
7:38 PM EDT
I couldn't. I was writing it for a US government agency under an NDA. FWIW, I think the current Fedora/Red Hat documentation is excellent. It wasn't always so but IMHO it is now.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!