Re: Help securing a server : Owned by W4n73d H4ck3r

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Nov 9, 2007 5:48 PM, robert mena <robert.mena@xxxxxxxxx> wrote:
> Hi Daniel,
>
> According to the audit this happened yesterday.
>
> I am searching astalavista but could not find anything, probably
> because I am being too specific.
>
> From the php side (or closely) what steps would you recommend in order
> to have a better security?
>
> I could not find a consistent 'list' of configuration settings to
> disable or change besides the register_globals.
>
> From the system side my list so far includes (some already in place previous)
> - no devel tools installed on the server (gcc etc)
> - /tmp mounted with no_exec
> - chroot apache
> - use mod_security
>
> Thanks.
>
>
> > >
> >
> >    It's all good.  We go off on tangents enough here anyway, so I
> > suppose one more wouldn't hurt.  ;-P
> >
> >    The person doing this seems to be relatively new to the scene,
> > only defacing websites with common vulnerabilities that you can find
> > anywhere on the Internet (http://astalavista.box.sk/ for example).
> > Check out Zone-H (http://www.zone-h.net/) to see if your domains are
> > on there, and to see if you can build a pattern from his/her past
> > exploits.  That should help you in determining how he/she is doing it.
> >
> >    You're on the right track in guessing that it was CMS-related.
> > Remember how many sites and servers were compromised when phpBB
> > exploits were announced and left unpatched?  These jackass skript
> > kiddies just Google for known versions and deface whatever they can.
> > It's not like the old days where you picked a target and found a way
> > in.... now it's just that you pick your way in and find a target.
> >
> >    *yawn!* No challenge anymore.... these kids are too lazy....
> >
> >
> > --
> >
> > Daniel P. Brown
> > [office] (570-) 587-7080 Ext. 272
> > [mobile] (570-) 766-8107
> >
> > If at first you don't succeed, stick to what you know best so that you
> > can make enough money to pay someone else to do it for you.
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

You may try the suhosin patch:

http://www.hardened-php.net/suhosin/

I'm using FreeBSD and the current versions of php comes with it
selected by default (probably for a good reason)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux