Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

11 Reasons Why You Should Switch from Windows to Linux

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

What is the delivery method....???

Story: Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too

Total Replies: 7

Author	Content
Collin_O May 09, 2013 6:25 PM EDT	Does anyone know the delivery method, how apache, nginx and lighttpd running on *nix servers are falling prey to this exploit? :-o
djohnston May 09, 2013 7:27 PM EDT	From the article: Quoting:Researchers still don't know how servers are being infected with Cdorked. Because compromised machines are running a variety of administration controls, cPanel and competing software aren't obvious suspects. Cdorked doesn't have the ability to spread by itself and doesn't exploit a vulnerability in any other specific piece of software, either.
Bob_Robertson May 10, 2013 8:58 AM EDT	This seems like the kind of exploit (at the server side) that would be greatly hindered by SELinux style enhanced separations. It's also very interesting to note that, while those infected do not know how (yet) it was done, it's been done to a relatively few. This tells me that it isn't easy to do.
caitlyn May 10, 2013 3:06 PM EDT	Quoting:his seems like the kind of exploit (at the server side) that would be greatly hindered by SELinux style enhanced separations. Agreed. I still haven't figured out why so many sysadmins fight SELinux. It's not hard at all to craft a policy and get it setup.
gus3 May 11, 2013 10:21 AM EDT	@caitlyn, SELinux may now be in a usable state, but the initial implementation was Byzantine, to say the least. It left a bad taste in many mouths, even if it did work as advertised. Much the same history as KDE4's desktop paradigm.
caitlyn May 15, 2013 11:36 AM EDT	gus3, this time we'll disagree. I had to write a whitepaper on SELinux back when it was a separate distro and have followed it ever since. It's always worked well and once you understood the logic behind it the way things worked really did make sense. Having said all of that, it is a lot easier to administer today.
gus3 May 15, 2013 6:42 PM EDT	Okay, then it was the doc writers' fault for putting out such poorly-explained techniques. Did you publish it somewhere public?
caitlyn May 17, 2013 7:38 PM EDT	I couldn't. I was writing it for a US government agency under an NDA. FWIW, I think the current Fedora/Red Hat documentation is excellent. It wasn't always so but IMHO it is now.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software