[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Default installs vulnerable?

From: Ed Greshko <Ed Greshko greshko com>
To: Discussion list for Red Hat Enterprise Linux 4 <nahant-list redhat com>
Subject: Default installs vulnerable?
Date: Wed, 20 Jul 2005 08:57:53 +0800

I'm sure many of you have had the same experience I've had of getting a
Phishing Expedition email where the html contains something like:

signin.ebay.com.au/aw-cgi/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:eBayproblems
<http://210.204.207.123/eBay/index.htm>

Of course this brings you to a compromised site that displays like an
eBay site but is really a Phishing Expedition.

Anyway, I've been going to the sites, like the one above, and checking
to see what is installed.  Many times, a simple entry of
http://210.204.207.123/ proudly reveals the default Apache page and the
"Powered by Red Hat" logo.

The site above seems to be running an older version...but I've seen more
recent default Apache pages.

This leads me to question if default "everything" installs of RH with
Apache are vulnerable to being compromised or if people are adding some
additional packages that opens them up to attack.

-- 
Forrest Gump: "Now for some reason I fit in the Army like
one of them round pegs"

Follow-Ups:
- Re: Default installs vulnerable?
  - From: Ed Wilts
- Re: Default installs vulnerable?
  - From: John Summerfied

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]