[Snort-sigs] Anyone have signatures for apache/php attacks?

Russell Fulton r.fulton at ...575...
Mon Aug 5 16:26:03 EDT 2002

We have just had a apache web server hacked, files were left with
ownership of apache and the system was know to have a vulnerable version
of php installed.  (they were in the process of building a new server
with all the patches applied...).

Snort did not pick up the attack so I'm wondering if anyone has and
rules that detect these attacks.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin

More information about the Snort-sigs mailing list