[Bradford] chkrootkit and nasties found

Brian bradlug at techchico.org.uk
Thu Oct 6 09:46:09 UTC 2011 

All I do is set permissions of what can access what & from where. The problem I have found is that if you spoof a referrer then it is possible to bypass some of the security. So, if there is more that can be done in web security I'd be interested in that.

It would be interesting to compare "Linux Mint Debian Edition" (LMDE) with the virgin Debian. At one time LMDE was like Debian 'Testing' but with the Mint desktop and the various drivers pre-installed etc. out of the box. Now they delay upgrades for a month to achieve more stability. I assume though, that if you are installing Debian, it will be an old stable version rather than a daily update.

Brian



________________________________

On Thu, Oct 6, 2011 at 7:41 AM, Alice Kærast <kaerast at computergentle.com> wrote:
>
> It's more likely to be PHP or cgi scripts than Apache itself that has
> vulnerabilities. Best practise is to limit what the user running Apache can
> do to try and limit your risks. However if you're running a control panel
> then it's going to need access to a lot of things; if you can create new
> users from your web control panel then so can anybody who finds a
> vulnerability in any php/cgi scripts.

+1

> There's things like mod_security for Apache which can help, but it needs
> lots of tuning and rule writing. Maybe you can also limit access to the
> control panel by ip address and ssh/vpn in if you need remote access.

+1

> And it goes without saying that everything should be kept up to date. I've
> seen a number of instances recently where vulnerabilities in WordPress
> plugins or other PHP software has led to either malware being hosted or PHP
> shells being run.

+1

And subscribe to the announcement lists for Apache, PHP, Debian etc

Robert (wondering about whether we could all meet up for a BradLUG
special on this in a coffee house sometime)

_______________________________________________
Bradford mailing list
Bradford at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bradford
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/bradford/attachments/20111006/868d9917/attachment.htm>

More information about the Bradford mailing list