Thread: Malware on apache

  1. #1
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Malware on apache

    This does not directly apply to Backtrack, however, I figured this group would be of most help. Also, I'm not even sure this is really legal, so, please advise.

    I frequent a local coffee shop. While enjoying my cup of joe and browsing the Internet, I decided to randomly check my snort log file. I realized I had been port scanned multiple times. Further investigation shows several brute force attempts into my Ubuntu box. It does not appear they were successful, or if they were, they didn't penetrate anything important. (I have several security monitoring/prevention tools, chkrootkit, logcheck, portsentry, ossec, apparmor, etc).

    Needless to say, I was still a little shocked someone has nothing better to do than sit in a coffee shop and attempt to attack random people. Therefore, is it possible to obtain several viruses, malware, etc., and put them on my apache server? When this user (authenticated by IP address) attempts to view my web server, they are downloaded to his computer. I will, of course, put some sort of warning message saying no unauthorized access to this page, or something of that nature. He will have to agree he has access before proceeding.

    Anyway, I'm not looking to break the law, so if this is illegal, then I will just confront the guy in person (I do know who it is), otherwise, some nudge in the right direction would be greatly appreciated.

    The main question here is, where can I obtain the malware? I guess I could just go browse a bunch of questionable sites, however, I'd prefer receiving them from some reliable source.

  2. #2
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    IANAL but I think this would fall under the definition of "accessing a computer system without authorisation" which is the usual wording included in the various hacking laws around the world, so it could be illegal. I would probably stay away from doing this if I were you.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    My life is this forum Snayler
    Join Date
    Jan 2010
    Posts
    1,418

    Quote: Originally posted by lupin
    IANAL but I think this would fall under the definition of "accessing a computer system without authorisation" which is the usual wording included in the various hacking laws around the world, so it could be illegal. I would probably stay away from doing this if I were you.
    I don't know... As I understand, he is saying that he just wants to put some malware/viruses/etc. into his apache page, so when the cracker tries to exploit him, he gets infected. But I seriously doubt it would work, because he would know what malware is and you don't know what OS he's using... As for legal questions, I think it's legal because the page and malware are on your computer, standing still. He's the one who pulls it out without your authorization.

  4. #4
    Senior Member streaker69
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally posted by Snayler
    I don't know... As I understand, he is saying that he just wants to put some malware/viruses/etc. into his apache page, so when the cracker tries to exploit him, he gets infected.
    Please explain how this is any different than the criminals that do this to innocent computer users around the world?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    I find this highly suspect. Why in the world would you be at a coffee shop running an Apache server on your laptop in the first place? When I am in public there is not one port open on my laptop because there doesn't need to be. Every connection is one I initiate since in a public place I am not in control of the routing anyway. So really if you are getting hacked in a coffee shop it's pretty much your own fault.

  6. #6
    My life is this forum Snayler
    Join Date
    Jan 2010
    Posts
    1,418

    Quote: Originally posted by streaker69
    Please explain how this is any different than the criminals that do this to innocent computer users around the world?
    Yes, now that I think about it... You're right, streaker69.

  7. #7
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Quote: Originally posted by Snayler
    I don't know... As I understand, he is saying that he just wants to put some malware/viruses/etc. into his apache page, so when the cracker tries to exploit him, he gets infected. But I seriously doubt it would work, because he would know what malware is and you don't know what OS he's using... As for legal questions, I think it's legal because the page and malware are on your computer, standing still. He's the one who pulls it out without your authorization.
    It becomes an issue if the malware you have just made available then goes and does something on the victim machine that could be considered unauthorised access. The malware will usually do something like give command execution privileges to that system or copying of that system's information to someone else, and at that point you have taken part in providing unauthorised access to a computing system. If the malware isn't doing this, then it doesn't really count as malware, does it?

  8. #8
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Well, to answer the question about apache server, I own a web design business. I use it for development purposes, and it only listens for localhost requests (therefore closed to anyone outside my computer...)

    I was considering opening it to anyone on my subnet, thus tempting my wonderful friend to access it, however, based on the comments here, that is not going to happen.

    Since the incident, I have notified the coffee shop owner, and blocked his mac address from the coffee shop's network. (I set up their wireless network...)

    Anyway, I may have over-reacted here. The day this happened was the day I installed snort and other security tools onto Ubuntu. I was definitely NOT expecting results within the first 24 hours.

    Also, I'm not exactly sure where I would have gotten the malware etc, without coding it myself....and I don't think I'm up for that challenge...so, thank you all for the advice.

  9. #9
    Senior Member streaker69
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally posted by dvlchd3

    Since the incident, I have notified the coffee shop owner, and blocked his mac address from the coffee shop's network. (I set up their wireless network...)
    Wow, that should keep him out, for all of 15 seconds.

  10. #10
    Senior Member Thorn
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote: Originally posted by streaker69
    Wow, that should keep him out, for all of 15 seconds.
    That long?

    @ dvlchd3: In case you don't know, MAC filtering on a wireless network is little more than an exercise in futility. It might keep a novice out, but it won't stop anyone who is knowledgeable enough to run and understand a port scanner.
    Thorn
    Stop the TSA now! Boycott the airlines.
