Apache dynamic module infected

Kenneth Burgener kenneth at mail1.ttak.org
Tue Jan 22 17:12:37 MST 2008


Has anyone heard about this Apache exploit?  Supposedly there is a mass 
infection using Apache's dynamic module.

Mass host hack bigger than first thought, hits 10,000 sites
Some hacked Apache servers reinfected even after clean-up and Linux 
reinstall
http://tinyurl.com/28obnf
http://tinyurl.com/22clxe

Is this for real or is this merely a isolated problem blow out of 
proportion to cause FUD?  If this is for real, the articles did not 
explain how you can detect if you were infected, or how to disable 
Apache's dynamic module.

Is there a "dynamic module" module or is it referring to any module that 
is loaded by the LoadModule directive?  If the later is the case than 
any site hosting SSL or PHP or any number of other items would be 
disabled.  I am hoping the former is the case and there is some 
mysterious "dynamic module" module to be disabled.  Any ideas?

Thanks,
Kenneth




More information about the PLUG mailing list