[Snort-sigs] Anyone have signatures for apache/php attacks?

Russell Fulton r.fulton at ...575...
Mon Aug 5 16:26:03 EDT 2002


We have just had a apache web server hacked, files were left with
ownership of apache and the system was know to have a vulnerable version
of php installed.  (they were in the process of building a new server
with all the patches applied...).

Snort did not pick up the attack so I'm wondering if anyone has and
rules that detect these attacks.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin





More information about the Snort-sigs mailing list