Re: security issues with apache!

To: debian-security@lists.debian.org, debian-user@lists.debian.org
Subject: Re: security issues with apache!
From: Florian Reitmeir <florian@reitmeir.org>
Date: Tue, 7 Mar 2006 13:45:14 +0100
Message-id: <[🔎] 20060307124514.GB17944@squat.noreply.org>
Mail-followup-to: debian-security@lists.debian.org, debian-user@lists.debian.org
In-reply-to: <[🔎] 440D7086.3000700@ifi.uio.no>
References: <440D5F25.4090800@isecore.net> <[🔎] 22414.192.165.213.18.1141728978.squirrel@montblanc.homeip.net> <[🔎] 440D7086.3000700@ifi.uio.no>

> I had a similar encounter about 2 months ago. The intruder exploited a 
> PHP script that was poorly written. If you check your http access logs, 
> you will most likely find an entry about the PHP that is been exploited. 
> Once you find the offending PHP script, you can either remove it or  
> add  an  exit(0); on top of the script so that it does not accept any 
> input. If you are a good PHP programmer, you could fix the script so 
> that it validates whatever input its getting.

if PHP is the entry point, then take a look at

- libapache2-mod-suphp
- PHP SAFE-Mode
- PHP Basedir
- set 'allow_url_fopen = Off' in your php.ini

they help. Also make sure, that there is no
writeable directory for the apache user.

-- 
Florian Reitmeir

Reply to:

Follow-Ups:
- Re: security issues with apache!
  - From: Enver ALTIN <ealtin@parkyeri.com>

References:
- Re: security issues with apache!
  - From: "Josep Serrano" <mylists@montblanc.homeip.net>
- Re: security issues with apache!
  - From: Ismail <ismailh@ifi.uio.no>

Prev by Date: Re: security issues with apache!
Next by Date: unsubscribe
Previous by thread: Re: security issues with apache!
Next by thread: Re: security issues with apache!
Index(es):
- Date
- Thread