Sorry for the top post. Most Joomla sites use a combination of ftp and suexec for their installations. My system has been using webdav and not ftp for Joomla. So far it hasn't been a problem except for one site that didn't keep their Joomla install up to date. Only that site was compromised, not the entire server.

Happy Connecting. Sent from my Sprint Samsung Galaxy S® 5 Sport

-------- Original message --------
From: Gibbs <linux@xxxxxxxxxxxxxxx>
Date: 12/28/2014 10:24 AM (GMT-05:00)
To: php-general@xxxxxxxxxxxxx
Cc:
Subject: Re: [PHP] So, you think your web server is secure?

On 27/12/14 13:47, Stuart Dallas wrote:
> Came across this today and thought it might be of interest. Some food for thought at the very least.
>
> http://vimeo.com/11213607
>
> Note that the whole scenario starts with a lack of adequate MySQL escaping. The smallest vulnerability can lead to a massive intrusion.
>
> -Stuart

This is pretty old and realistically, with any half-well implemented server, the worst an SQL injection can do is read from the database. The reverse shell script (that we don't see) would not work on the vast majority of hosts, which would stop this in its tracks very early on.

Besides, who still uses FTP and virtual users?

Gibbs

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php