Linux admins beware, there’s a web server exploit in the wild

No OS is 100% secure if there’s enough desire to get in. There’s a web server exploit targeting Apache, Nginx, and Lighttpd running on Linux–a first of its kind, in at least one regard. Ars Technica has the details, including where to get a script to check to see if your server is infected.

According to this page, if you execute this command:

strings /usr/bin/apache2 | egrep opentty

you’re clean if nothing comes up, and your infected if you see one or more matches. If your system stores its httpd elsewhere, change the first parameter to match.

If you found this post informative or helpful, please share it!
%d bloggers like this: