On Sat, Apr 08, 2006 at 03:21:05PM +0200, Marek Podmaka wrote: > So what it is? People (no, they aren't hackers :) try to use your resources > for their "actions". These scripts are mainly irc bots waiting for commands > and can perform actions like googling for other vulnerable servers, doing > udpflood and so on. So part of the solution is to block port 6667 in > firewall :) I think in most situations it is best to block all outgoing connections and open those that are necessary. This will make most attacks very difficult. > Solutions (please contribute if you have any ideas): > 1) /tmp noexec, better also /var/tmp (not useful if evil executes "perl > /tmp/.evilscript") Also /dev/shm. > 4) use wrapper for emails - I have one which includes special headers to > mails sent from php, I'm going to modify it to support limits on no. of > mails sent in timeframe I hope you share this.
Description: Digital signature