[Bradford] chkrootkit and nasties found
Robert Burrell Donkin
robertburrelldonkin at gmail.com
Thu Oct 6 07:50:53 UTC 2011
On Thu, Oct 6, 2011 at 7:41 AM, Alice Kærast <kaerast at computergentle.com> wrote:
>
> It's more likely to be PHP or CGI scripts than Apache itself that have
> vulnerabilities. Best practice is to limit what the user running Apache can
> do to try and limit your risks. However if you're running a control panel
> then it's going to need access to a lot of things; if you can create new
> users from your web control panel then so can anybody who finds a
> vulnerability in any PHP/CGI scripts.
+1
> There are things like mod_security for Apache which can help, but it needs
> lots of tuning and rule writing. Maybe you can also limit access to the
> control panel by IP address and SSH/VPN in if you need remote access.
+1
> And it goes without saying that everything should be kept up to date. I've
> seen a number of instances recently where vulnerabilities in WordPress
> plugins or other PHP software have led to either malware being hosted or PHP
> shells being run.
+1
And subscribe to the announcement lists for Apache, PHP, Debian etc.
Robert (wondering about whether we could all meet up for a BradLUG
special on this in a coffee house sometime)