Runbook

Apache Server Side Includes (SSI) Injection Incident.

Back to Runbooks

Overview

Apache Server Side Includes (SSI) Injection is a security incident that happens when an attacker injects malicious code or scripts in the server-side includes of an Apache web server. This vulnerability allows the attacker to execute arbitrary code or commands on the server, leading to unauthorized access, data loss, or other security breaches. This type of incident can be prevented by implementing secure coding practices, using input validation and sanitization techniques, and keeping web servers updated with the latest security patches.

Parameters

Debug

Check the Apache configuration file for SSI support

Check if the Apache server is running and listening on the expected port

Check the Apache access log for any suspicious requests

Check if there are any unauthorized modifications to SSI-enabled files

Check for any unauthorized modifications to critical system files

Check if there are any unauthorized modifications to the Apache configuration file

Check if any unauthorized users have SSH access to the server

Repair

Update the Apache configuration file to disable the use of Server Side Includes (SSI) and only allow the use of certain safe directives.

Learn more

Related Runbooks

Check out these related runbooks to help you debug and resolve similar issues.