GoFuckYourself.com - Adult Webmaster Forum - View Single Post

MrVids · 05-10-2005, 08:31 AM

heya jamie, i know you said your host looked on your box to see what it is but the exploit is 99% for sure a module that was installed on Apache. Tell your host to look for mod_stats.so and see if it exists anywhere on the box and also check to see if it appears in your httpd.conf. i run a couple tgp's, and while i've been fortunate enough to not get hit by this, a good friend of mine has and that is what his hosting co ended up finding.

also, have your hosting co installed tripwire. it will do a reporte of any major files that were edited, so you can research things like this with a little more efficiency.

05-10-2005, 08:31 AM
MrVids i am a meat popsicle Industry Role: Join Date: Jan 2005 Location: Seattle, WA Posts: 1,070	heya jamie, i know you said your host looked on your box to see what it is but the exploit is 99% for sure a module that was installed on Apache. Tell your host to look for mod_stats.so and see if it exists anywhere on the box and also check to see if it appears in your httpd.conf. i run a couple tgp's, and while i've been fortunate enough to not get hit by this, a good friend of mine has and that is what his hosting co ended up finding. also, have your hosting co installed tripwire. it will do a reporte of any major files that were edited, so you can research things like this with a little more efficiency.