[NOT I-MSCP RELATED] Malicious Apache Module Injects Iframes

  • Be aware administrators:
    http://blog.unmaskparasites.co…e-module-injects-iframes/


    This fault is not caused by i-MSCP, but it's just a warning to check your systems for "possible" breaches.


    ****


    Edit: A few things you can do, to prevent people from easily finding your Apache version is to modify your security configuration for apache.
    nano/vi /etc/apache2/conf.d/security


    Change:
    ServerTokens Prod
    ServerSignature Off
    and
    TraceEnable Off


    & Restart Apache. /etc/init.d/apache2 restart


    This will make it harder to find and exploit your installation if Debian/Ubuntu is affected by this.

  • Here another approach to confuse the people about the webserver you are running:


    Code
    1. aptitude install libapache-mod-securitya2enmod mod-security


    Then open the file /etc/apache2/conf.d/security and change the ServerSignature


    Code
    1. ServerSignature Onto SecServerSignature Microsoft-IIS/8.0


    After SecServerSignature you could enter whatever you want.


    Finally reload apache


    Code
    1. service apache reload


    Install Firefox extension Domain Details and check on the Add-on Bar:



  • Microsoft-IIS/8.0... all people will think I'm a noob. That's too embarrassing hahah

  • Then use this ;)


    Code
    1. SecServerSignature nginx/1.5.2