<p dir="ltr">Granted, apache starts as root to claim ports 89 and 443 then drops root and runs as unprivileged apache user. It's done this by default for over a decade. Only a total noob blindly pasting commands from forums for noobs will have an all root apache. Or someone who compile apache themselves and had all the security flags wrong.</p>
<div class="gmail_quote">On Nov 9, 2015 9:37 AM, "Charles Shapiro" <<a href="mailto:hooterpincher@gmail.com">hooterpincher@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Am I reading this right? You have to be running Apache as root to be vulnerable?<div><br></div><div>t’s worth noting that the malware requires the compromised user account on the Linux system to be an administrator; operating Web servers and Web services as administrator is generally considered poor security form, and threats like this one just reinforce why.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 9, 2015 at 5:53 AM, Leam Hall <span dir="ltr"><<a href="mailto:leamhall@gmail.com" target="_blank">leamhall@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 11/09/15 04:35, DJ-Pfulio wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Linux Ransom-ware is out looking for ways to attack and encrypt your<br>
systems:<br>
<a href="https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/" rel="noreferrer" target="_blank">https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/</a><br>
<br>
Good news: They only want 1 bitcoin as payment.<br>
<br>
Bad news: 1 BC is about US$420 and the unlock process doesn't put<br>
everything back exactly like it was.<br>
</blockquote>
<br></span>
Good news; we're all now reminded to back up our files and sites. :)<span><font color="#888888"><br>
<br>
Leam</font></span><div><div><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div>