On Nov 9, 2007 5:48 PM, robert mena <robert.mena@xxxxxxxxx> wrote:
> Hi Daniel,
>
> According to the audit this happened yesterday.
>
> I am searching astalavista but could not find anything, probably
> because I am being too specific.
>
> From the php side (or closely) what steps would you recommend in order
> to have a better security?
>
> I could not find a consistent 'list' of configuration settings to
> disable or change besides the register_globals.
>
> From the system side my list so far includes (some already in place previously):
> - no devel tools installed on the server (gcc etc)
> - /tmp mounted with no_exec
> - chroot apache
> - use mod_security
>
> Thanks.
>
> > It's all good. We go off on tangents enough here anyway, so I
> > suppose one more wouldn't hurt. ;-P
> >
> > The person doing this seems to be relatively new to the scene,
> > only defacing websites with common vulnerabilities that you can find
> > anywhere on the Internet (http://astalavista.box.sk/ for example).
> > Check out Zone-H (http://www.zone-h.net/) to see if your domains are
> > on there, and to see if you can build a pattern from his/her past
> > exploits. That should help you in determining how he/she is doing it.
> >
> > You're on the right track in guessing that it was CMS-related.
> > Remember how many sites and servers were compromised when phpBB
> > exploits were announced and left unpatched? These jackass skript
> > kiddies just Google for known versions and deface whatever they can.
> > It's not like the old days where you picked a target and found a way
> > in.... now it's just that you pick your way in and find a target.
> >
> > *yawn!* No challenge anymore.... these kids are too lazy....
> >
> > --
> >
> > Daniel P. Brown
> > [office] (570-) 587-7080 Ext. 272
> > [mobile] (570-) 766-8107
> >
> > If at first you don't succeed, stick to what you know best so that you
> > can make enough money to pay someone else to do it for you.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

You may try the suhosin patch: http://www.hardened-php.net/suhosin/
I'm using FreeBSD and the current versions of php come with it selected
by default (probably for a good reason).
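The thread asks for a checklist of PHP-side settings beyond register_globals and lists /tmp mounted noexec as a system-side control. The script below is an added example, not code from any poster on this list: it audits a php.ini and an fstab for those two points so the state can be verified rather than assumed. The sample files it creates are constructed; the directives other than register_globals (allow_url_include, display_errors, expose_php) are this example's own choice of real php.ini settings that are commonly turned off on production hosts, and they are not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit a php.ini and an
# fstab for two of the hardening points raised above. All input files below
# are constructed samples; directive names besides register_globals are this
# example's own additions (they are real php.ini directives).

# Prints the name of every listed directive that is enabled in the given php.ini.
# "On", "1", "true" and "yes" (any case) count as enabled; ';' comment lines are
# skipped because the directive name never starts the line there. The last
# assignment wins, as in PHP itself.
check_php_ini() {
    ini="$1"
    for key in register_globals allow_url_include display_errors expose_php; do
        val=$(awk -F= -v k="$key" '
            tolower($1) ~ ("^[ \t]*" k "[ \t]*$") {
                v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v); last = tolower(v)
            }
            END { print last }' "$ini")
        case "$val" in
            on|1|true|yes) echo "$key" ;;
        esac
    done
}

# Prints "noexec" if the /tmp entry in the given fstab carries the noexec
# mount option, "missing" otherwise (also when /tmp has no entry at all).
check_tmp_noexec() {
    awk '$1 !~ /^#/ && $2 == "/tmp" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "noexec") found = 1
         }
         END { print (found ? "noexec" : "missing") }' "$1"
}

# --- constructed sample inputs ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WEAK_INI="$WORK/weak.ini"; HARD_INI="$WORK/hard.ini"
WEAK_FSTAB="$WORK/weak.fstab"; HARD_FSTAB="$WORK/hard.fstab"

cat > "$WEAK_INI" <<'EOF'
; constructed: legacy values that should be off on a production host
register_globals = On
allow_url_include = On
display_errors = On
expose_php = Off
EOF
cat > "$HARD_INI" <<'EOF'
; constructed: hardened values
;register_globals = On   <- commented out, so it must not count
register_globals = Off
allow_url_include = Off
display_errors = Off
expose_php = Off
EOF
cat > "$WEAK_FSTAB" <<'EOF'
# constructed: /tmp without noexec
/dev/sda1  /      ext3  defaults        1 1
/dev/sda2  /tmp   ext3  defaults        1 2
EOF
cat > "$HARD_FSTAB" <<'EOF'
# constructed: /tmp with noexec,nosuid
/dev/sda1  /      ext3  defaults                1 1
/dev/sda2  /tmp   ext3  defaults,noexec,nosuid  1 2
EOF

echo "weak php.ini, enabled: $(check_php_ini "$WEAK_INI" | tr '\n' ' ')"
echo "hard php.ini, enabled: $(check_php_ini "$HARD_INI" | tr '\n' ' ')"
echo "weak fstab /tmp: $(check_tmp_noexec "$WEAK_FSTAB")"
echo "hard fstab /tmp: $(check_tmp_noexec "$HARD_FSTAB")"
```

Run it against the real files with `check_php_ini /path/to/php.ini` and `check_tmp_noexec /etc/fstab` (php.ini location varies by distribution; `php --ini` reports it). The fstab check only confirms what is configured; whether /tmp is actually mounted noexec right now is a separate question answered by `mount`.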