Re: Suhosin vs. mod_security

On 19/02/2010 15:25, James Smallacombe wrote:

After a recent php compromise of the www user on my web server via the
Zen Cart "record company" exploit, I installed the Suhosin extension
(patch was already there). Suhosin helped a great deal. It enabled me to
block certain php functions globally and re-enable them on a per-vhost
basis, as needed. Perhaps just as importantly, it logged violations,
along with IP addresses, which not only enabled me to track down
attackers, but also troubleshoot which vhosts needed which functions to
work properly.

After having customers' content providers patch their respective Zen
Carts and purging/disabling the several c99shells and other nasty
scripts uploaded by kiddies, we found that the patched Zen carts
wouldn't function properly and wasn't logging what part of Suhosin was
blocking functionality. Neither Zen developers nor the Suhosin author
responded to requests for a workaround for this.

Sadly, there doesn't appear to be any current development or support for
the Suhosin extension, no forum or mailing list. This leaves one
wondering what the best way is to manage php (and other) security on the
web server. Does mod_security allow some of the same functionality, and
is there current support and development of it? What's the best current
practice WRT Apache and php security?

I don't know what Suhosin does so I can't compare its features to mod-security. However, I've been on the mod-security mailing list for quite a while now, and it's still under very active development. The latest version was released only 2 weeks ago and the core rules are being updated regularly. The level of support on the official mailing list is excellent as well.

--
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/
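The per-vhost troubleshooting James describes (which blocked function each site actually needs, and which source addresses keep tripping the blacklist) can be pulled straight out of Suhosin's syslog alerts. This is an added example, not code from the thread; the log lines are constructed, in the "function within blacklist called" format Suhosin writes to syslog, and the /var/www/<site> layout and IPs are assumptions.

```sh
#!/bin/sh
# Constructed sample of Suhosin syslog alerts plus one unrelated syslog line.
# Format assumed from Suhosin's syslog output; paths and addresses are made up.
SAMPLE_LOG="Feb 19 15:20:01 www suhosin[12345]: ALERT - function within blacklist called: system() (attacker '203.0.113.7', file '/var/www/shop1/images/c99.php', line 12)
Feb 19 15:20:05 www suhosin[12345]: ALERT - function within blacklist called: exec() (attacker '203.0.113.7', file '/var/www/shop1/images/c99.php', line 40)
Feb 19 15:21:10 www suhosin[12346]: ALERT - function within blacklist called: popen() (attacker '198.51.100.20', file '/var/www/shop2/includes/functions/functions_general.php', line 210)
Feb 19 15:22:00 www sshd[999]: Accepted publickey for admin from 192.0.2.9 port 5555 ssh2"

# stdin: syslog lines. stdout: one "<file> <function> <ip>" line per blacklist hit.
# Non-Suhosin lines and other Suhosin alert types are dropped by the -n/p pair.
parse_blacklist_hits() {
  sed -nE "s/.*function within blacklist called: ([A-Za-z0-9_]+)\(\) \(attacker '([^']+)', file '([^']+)', line [0-9]+\).*/\3 \1 \2/p"
}

# $1: document-root of one vhost, e.g. /var/www/shop2.
# stdout: distinct blocked functions called from files under that vhost, sorted.
# A hit from the application's own code (includes/, admin/) is a candidate for a
# narrower per-vhost blacklist; a hit from an upload directory (images/) usually
# means a dropped webshell, not a missing exception.
functions_blocked_under() {
  parse_blacklist_hits | awk -v p="${1%/}/" 'index($1, p) == 1 { print $2 }' | sort -u
}

# stdout: "<count> <ip>" per source address, most active first.
hits_per_ip() {
  parse_blacklist_hits | awk '{ c[$3]++ } END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Demo: which functions shop2's own code needs, then who is hammering the blacklist.
printf '%s\n' "$SAMPLE_LOG" | functions_blocked_under /var/www/shop2
printf '%s\n' "$SAMPLE_LOG" | hits_per_ip
```

In production, replace the constructed variable with `grep suhosin /var/log/syslog` (or wherever suhosin.log.syslog delivers) on the pipe's input side.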

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
