Hi Daniel, According to the audit this happened yesterday. I am searching astalavista but could not find anything, probably because I am being too specific. >From the php side (or closely) what steps would you recommend in order to have a better security? I could not find a consistent 'list' of configuration settings to disable or change besides the register_globals. >From the system side my list so far includes (some already in place previous) - no devel tools installed on the server (gcc etc) - /tmp mounted with no_exec - chroot apache - use mod_security Thanks. > > > > It's all good. We go off on tangents enough here anyway, so I > suppose one more wouldn't hurt. ;-P > > The person doing this seems to be relatively new to the scene, > only defacing websites with common vulnerabilities that you can find > anywhere on the Internet (http://astalavista.box.sk/ for example). > Check out Zone-H (http://www.zone-h.net/) to see if your domains are > on there, and to see if you can build a pattern from his/her past > exploits. That should help you in determining how he/she is doing it. > > You're on the right track in guessing that it was CMS-related. > Remember how many sites and servers were compromised when phpBB > exploits were announced and left unpatched? These jackass skript > kiddies just Google for known versions and deface whatever they can. > It's not like the old days where you picked a target and found a way > in.... now it's just that you pick your way in and find a target. > > *yawn!* No challenge anymore.... these kids are too lazy.... > > > -- > > Daniel P. Brown > [office] (570-) 587-7080 Ext. 272 > [mobile] (570-) 766-8107 > > If at first you don't succeed, stick to what you know best so that you > can make enough money to pay someone else to do it for you. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
