Linux News
The world is talking about GNU/Linux and Free/Open Source Software

What is the delivery method....???

Story: Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too

Total Replies: 7

Author	Content
Collin_O May 09, 2013 6:25 PM EDT	Does anyone know the delivery method, how apache, nginx and lighttpd running on *nix servers are falling prey to this exploit? :-o
djohnston May 09, 2013 7:27 PM EDT	From the article: Quoting:Researchers still don't know how servers are being infected with Cdorked. Because compromised machines are running a variety of administration controls, cPanel and competing software aren't obvious suspects. Cdorked doesn't have the ability to spread by itself and doesn't exploit a vulnerability in any other specific piece of software, either.
Bob_Robertson May 10, 2013 8:58 AM EDT	This seems like the kind of exploit (at the server side) that would be greatly hindered by SELinux style enhanced separations. It's also very interesting to note that, while those infected do not know how (yet) it was done, it's been done to a relatively few. This tells me that it isn't easy to do.
caitlyn May 10, 2013 3:06 PM EDT	Quoting:his seems like the kind of exploit (at the server side) that would be greatly hindered by SELinux style enhanced separations. Agreed. I still haven't figured out why so many sysadmins fight SELinux. It's not hard at all to craft a policy and get it setup.
gus3 May 11, 2013 10:21 AM EDT	@caitlyn, SELinux may now be in a usable state, but the initial implementation was Byzantine, to say the least. It left a bad taste in many mouths, even if it did work as advertised. Much the same history as KDE4's desktop paradigm.
caitlyn May 15, 2013 11:36 AM EDT	gus3, this time we'll disagree. I had to write a whitepaper on SELinux back when it was a separate distro and have followed it ever since. It's always worked well and once you understood the logic behind it the way things worked really did make sense. Having said all of that, it is a lot easier to administer today.
gus3 May 15, 2013 6:42 PM EDT	Okay, then it was the doc writers' fault for putting out such poorly-explained techniques. Did you publish it somewhere public?
caitlyn May 17, 2013 7:38 PM EDT	I couldn't. I was writing it for a US government agency under an NDA. FWIW, I think the current Fedora/Red Hat documentation is excellent. It wasn't always so but IMHO it is now.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!