0

I've submitted my web site to different apps like YahooWebmasters and similar places. They see my web site's main page's title as Index of/ . However I see it normally, as My Title.

Server: it says Apashi (wtf!?), it is Apache in reality
PHP 5.2.5
FreeBSD
cPanel Version 11.24.4-RELEASE
Kernel version 6.3-PRERELEASE

main page: index.html
I guess it is because of index.html
But why?

yagmoth555
ilhan
  • 1
    I googled for "Apashi", and found a bunch of servers which have a signature like "[Apashi 1.1 FrontPage/5.0.2.2635 mod_bwlimited/1.4 Server](http://www.google.com/search?q=Apashi+FrontPage)". These look odd, but that could simply be an indication of some unique or rarely-used server (FreeBSD 6.3 is getting rare these days). – Stefan Lasiewski Jun 04 '10 at 16:52
  • Apashi is tophost.bg's stuff I guess. http://www.google.com/search?q=Apashi+Serv+Server&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:tr:official&client=firefox-a – ilhan Jun 20 '10 at 00:56
  • Possible duplicate of [How do I deal with a compromised server?](http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server) – HopelessN00b Feb 23 '16 at 05:52

2 Answers

10

Your server has been rooted and your Apache is compromised.

Apashi on FreeBSD is a signature that appears to take traffic that comes in from search engines to legitimate sites, and redirects it. Surfing the site with a non-Google/non-Bing URL results in normal operation. It is possible someone is using the same webserver signature for legitimate purposes, but, based on the behavior above, it seems likely that it is a hacked version of Apache.

Jeff Atwood
user6738237482
  • yikes! Are you deducing that from "Apashi" or do you have the inside track on this one? – Chris_K Jun 03 '10 at 02:55
  • 5
    Apashi on FreeBSD is a signature that appears to take traffic that comes in from search engines to legitimate sites, and redirects it. Surfing the site with a non-Google/non-Bing URL results in normal operation. It is possible someone is using the same webserver signature for legitimate purposes, but, based on the behavior above, it seems likely that it is a hacked version of Apache. – user6738237482 Jun 03 '10 at 03:02
  • It is very tempting to mark your comment as great instead of upvoting your answer. You should consider pasting your comment into the answer. – chronos Jun 03 '10 at 12:43
  • @user6738237482 : That's interesting. Do you have a link which explains that "apashi" on FreeBSD is a legitimate signature? I just browsed my apache22 source files (although this is FreeBSD 7.2), and I don't see the string 'apashi' anywhere. – Stefan Lasiewski Jun 04 '10 at 17:01
  • I've never seen it used legitimately. However, people do change servernames for whatever reason, and since one could assume that Apashi could be the drunk pronunciation of Apache, who knows. In any case, based on the behavior he's seeing, I think we can conclude that his server has been rooted and compromised and that he didn't recompile Apache with a different Signature just for the heck of it. – user6738237482 Jun 04 '10 at 17:15
  • @user6738237482 : People do change the ServerSignature, but what are the chances that so many people use the same name of 'Apashi' (See my comment above). – Stefan Lasiewski Jun 16 '10 at 01:00
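
A site owner can check for the behaviour described in this answer by requesting the same URL as a direct visitor, with a search-engine Referer, and with a crawler User-Agent, then comparing what comes back. The sketch below is an added example, not code from the thread; the sample responses and hostnames are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: responses to the same URL captured under three
# request profiles, as (status, headers, body). Hostnames are placeholders.
SAMPLES = {
    "direct": (200, {"Server": "Apashi"}, "<html><title>My Title</title></html>"),
    "search_referer": (302, {"Server": "Apashi",
                             "Location": "http://redirect.example.net/"}, ""),
    "crawler_ua": (200, {"Server": "Apashi"}, "<html><title>Index of /</title></html>"),
}

def fingerprint(status, headers, body):
    """Reduce a response to the fields that differ when content is cloaked."""
    h = {k.lower(): v for k, v in headers.items()}
    m = re.search(r"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    return {
        "status": status,
        "server": h.get("server", ""),
        "title": m.group(1).strip() if m else None,
        # A relative or missing Location yields None (stays on the same host).
        "redirect_host": urlsplit(h.get("location", "")).hostname,
    }

def cloaking_findings(site_host, responses, baseline="direct", expected_server="Apache"):
    """Compare every profile against the baseline and list discrepancies."""
    prints = {name: fingerprint(*resp) for name, resp in responses.items()}
    base = prints[baseline]
    findings = []
    if not base["server"].lower().startswith(expected_server.lower()):
        findings.append(f"{baseline}: unexpected Server banner {base['server']!r}")
    for name, fp in prints.items():
        if name == baseline:
            continue
        if fp["redirect_host"] and fp["redirect_host"] != site_host:
            findings.append(f"{name}: redirected off-site to {fp['redirect_host']}")
        elif fp["title"] != base["title"]:
            findings.append(f"{name}: title {fp['title']!r} differs from {base['title']!r}")
    return findings

if __name__ == "__main__":
    for line in cloaking_findings("www.example.org", SAMPLES):
        print(line)
```

Any finding means the server answers differently depending on who appears to be asking, which is the symptom reported in the question.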
2

Make sure "Apashi" is configured to use index.html as the default page. That'll prevent giving out directory listings.

Chris_K