• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Linux Lupper.Worm In the WIld

E

erhnam

Basic Pleskian
As you already know there's a new worm.. The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed."

I'd recommend actually fixing the vulnerable scripts, but if you like hackish, temporary solutions, here's a better one:

# rm -f /tmp/lupii
# touch /tmp/lupii
# chown root: /tmp/lupii
# chmod go-rx /tmp/lupii

(i.e. create a harmless file which can't be overwritten; which will prevent the worm from installing itself. This assumes you don't run apache as root. God help you if you do.)
 
What about adding 'chattr +i /tmp/lupii' this would prevent the file from being overwritten by a root user, until it is made mutable again. Also use chmod to remove the write bit.
 
You must log in or register to reply here.

Similar threads

D
Issue Error installing mailman3
Replies
0
Views
1K
DBardaji
D
AbramS
Input Cloudflare Whitelist Scripts for Fail2ban and NGINX
Replies
11
Views
10K
WebHostingAce
WebHostingAce
akira9000
Resolved Just had a bumpy ride upgrading from Plesk 17.8.11 to Obsidian 18.0.28
Replies
10
Views
3K
akira9000
akira9000
DaniëlB1990
Resolved Unable to SFTP (due to?) & Incorrect chown/chmod rights
Replies
2
Views
2K
DaniëlB1990
DaniëlB1990
Christoph Farnleitner
File owner in subscription is unequal to sys user (actual file owner-name is set to a FTP-user name)
Replies
2
Views
2K
Christoph Farnleitner
Christoph Farnleitner
Back
Top