1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Running Apache w/o nginx? Beware!

Discussion in 'BlackHat Lounge' started by CyberSEO, Aug 25, 2011.

  1. CyberSEO

    CyberSEO Senior Member

    Joined:
    Jul 14, 2011
    Messages:
    939
    Likes Received:
    256
    Occupation:
    programmer
    Home Page:
    The killapache.pl launches in a few threads the following simple request:

    And if there is no nginx installed your Apache server will be easily laid down.

    [​IMG]

    Here is a simple command to check if your server is vulnerable:

    If you received 206 Partial Content, you are in big trouble.
     
    • Thanks Thanks x 1
  2. WildDisease

    WildDisease Junior Member

    Joined:
    Aug 3, 2011
    Messages:
    109
    Likes Received:
    5
    One of my websites does.. what do I do?
     
  3. CyberSEO

    CyberSEO Senior Member

    Joined:
    Jul 14, 2011
    Messages:
    939
    Likes Received:
    256
    Occupation:
    programmer
    Home Page:
    Install nginx as a front-end for static content, or disable gzip.
     
  4. Heineken

    Heineken BANNED BANNED

    Joined:
    Aug 25, 2010
    Messages:
    306
    Likes Received:
    46
    how should i test this, can you explain ? Thanks
     
  5. CyberSEO

    CyberSEO Senior Member

    Joined:
    Jul 14, 2011
    Messages:
    939
    Likes Received:
    256
    Occupation:
    programmer
    Home Page:
    The test command has been given in the first post. Please read it carefully.