From owner-freebsd-questions@FreeBSD.ORG Thu May 9 21:52:22 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 05F67F1A for ; Thu, 9 May 2013 21:52:22 +0000 (UTC) (envelope-from jrisom@gmail.com) Received: from mail-oa0-f48.google.com (mail-oa0-f48.google.com [209.85.219.48]) by mx1.freebsd.org (Postfix) with ESMTP id C8DB33D9 for ; Thu, 9 May 2013 21:52:21 +0000 (UTC) Received: by mail-oa0-f48.google.com with SMTP id i4so4127954oah.21 for ; Thu, 09 May 2013 14:52:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=qJq2oMRFvWQvEn3WkwBw4KMzjBeKmmFlrlTfwEKnBTw=; b=DgAGsBEWVA47dnH5PWd8BIiDUqAZSgqWFMehQ8jgB15xpWLlwjTMfuhfWETW3ZEMhP RdB/eh1greU1pgz3KVnWfAmHBo92OOEVBIrymRnIlXnXWsWuyFbT5zS9KTm0j9251kIK IFWOQCYcvOLPOQ0FTy4JztICoTLa6ZivKYPnr6btWLsu8g66YJla+W4FLDXPzVJuOpPP 2F5m6izKpLopzwBB4oJRDT5z0veDNu6wjDK1YiB0i5CS/uxPzBcM9BsB4TjfisMRCyUi 0pdV+9dDc3IFC2JVPKcc2gX/6WzgTzYhGEvz47tlTxrw8D/LnaxFF8hcf2K+rH7XAlVP ARMw== X-Received: by 10.60.65.100 with SMTP id w4mr5479544oes.79.1368136335245; Thu, 09 May 2013 14:52:15 -0700 (PDT) Received: from [192.168.1.34] (c-98-212-197-211.hsd1.il.comcast.net. [98.212.197.211]) by mx.google.com with ESMTPSA id r4sm5316756obg.3.2013.05.09.14.52.14 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 09 May 2013 14:52:14 -0700 (PDT) Message-ID: <518C1A84.20507@gmail.com> Date: Thu, 09 May 2013 16:52:04 -0500 From: Joshua Isom User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Cdorked.A References: <518BDABF.7010401@intersonic.se> In-Reply-To: <518BDABF.7010401@intersonic.se> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 May 2013 21:52:22 -0000 On 5/9/2013 12:19 PM, Per olof Ljungmark wrote: > Hi, > > Is Apache on FreeBSD affected? > > Thanks, Technically, Apache isn't the problem. The hole's in cPanel probably, not Apache. The attackers replace Apache, probably patching the source code and replacing the host's with a trojaned copy. If they're patching the source code, then yes, FreeBSD, Windows, OS X, Solaris, OpenBSD, et al are possibly infected.