
Re: security issues with apache!



Hi,

Florian Reitmeir wrote:
I had a similar encounter about 2 months ago. The intruder exploited a PHP script that was poorly written. If you check your http access logs, you will most likely find an entry about the PHP that is being exploited. Once you find the offending PHP script, you can either remove it or add an exit(0); on top of the script so that it does not accept any input. If you are a good PHP programmer, you could fix the script so that it validates whatever input it's getting.

If PHP is the entry point, then take a look at

- libapache2-mod-suphp
- PHP SAFE-Mode
- PHP Basedir
- set 'allow_url_fopen = Off' in your php.ini

They help. Also make sure that there is no
writable directory for the Apache user.

If you have to leave some writable folders for the Apache user, say, /tmp, moving /tmp to another partition/filesystem and mounting it with the "noexec" option would prevent most harm /any/ PHP script can cause.

A PHP script alone can do little, but together with an HTTP-uploaded ELF binary that gets executed in the security context of the Apache web server, it is a lot more scary.

-HAND
--
Enver
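
The settings suggested in this thread (allow_url_fopen off, an open_basedir restriction, /tmp on its own noexec mount) can be checked with a short audit script. This is an added example, not part of the original messages; the function names and the sample php.ini and mounts content are constructed, and the mounts input is assumed to be in /proc/mounts format.

```shell
# php_ini_value FILE KEY: print the last value assigned to KEY (empty if unset).
# Assumes values contain no literal ';' (it is treated as an inline comment).
php_ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/;.*$/, "", v)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); gsub(/[ \t]/, "", k)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# is_off VALUE: true for the explicit spellings PHP reads as boolean false.
is_off() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        off|0|false|no|none) return 0 ;; *) return 1 ;; esac
}

# mount_has_option MOUNTS MOUNTPOINT OPTION: the last mount on MOUNTPOINT wins.
mount_has_option() {
    awk -v mp="$2" -v opt="$3" '
        $2 == mp { found = 0; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == opt) found = 1 }
        END { exit !found }' "$1"
}

# audit PHP_INI MOUNTS: print one line per check; return 1 if any check fails.
audit() {
    rc=0
    v=$(php_ini_value "$1" allow_url_fopen)   # unset means PHP's default, On
    if is_off "$v"; then echo "ok   allow_url_fopen = $v"
    else echo "FAIL allow_url_fopen = ${v:-unset (default On)}"; rc=1; fi
    v=$(php_ini_value "$1" open_basedir)
    if [ -n "$v" ]; then echo "ok   open_basedir = $v"
    else echo "FAIL open_basedir is not set"; rc=1; fi
    if mount_has_option "$2" /tmp noexec; then echo "ok   /tmp mounted noexec"
    else echo "FAIL /tmp is not a separate noexec mount"; rc=1; fi
    return "$rc"
}

# Constructed sample input (not from a real host).
d=$(mktemp -d)
printf 'allow_url_fopen = On\n;open_basedir = /var/www\n' > "$d/php.ini"
printf 'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0\n' > "$d/mounts"
audit "$d/php.ini" "$d/mounts" || echo "hardening incomplete"
rm -rf "$d"
```

On a real host, pass the php.ini that the Apache PHP module actually loads and /proc/mounts as the two arguments.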


