[Bradford] chkrootkit and nasties found

Alice Kærast kaerast at computergentle.com
Thu Oct 6 11:32:14 UTC 2011


I'd be up for a meeting to discuss server / web security issues. I know
a lot of us are fairly good at this sort of stuff, but there's always
new things to learn.

Maybe we could have a session playing with a DVWA box, that'd be a good
way of showing a load of issues likely to come up in real life.

Sent from my Windows Mobile® phone.

From: Robert Burrell Donkin <robertburrelldonkin at gmail.com>
Sent: 06 October 2011 08:50
To: Alice Kærast <kaerast at computergentle.com>
Cc: Dick Thomas <xpd259 at gmail.com>; Bradlug Mailing list
<bradford at mailman.lug.org.uk>
Subject: Re: [Bradford] chkrootkit and nasties found

On Thu, Oct 6, 2011 at 7:41 AM, Alice Kærast <kaerast at computergentle.com> wrote:
>
> It's more likely to be PHP or cgi scripts than Apache itself that has
> vulnerabilities. Best practice is to limit what the user running Apache can
> do to try and limit your risks. However if you're running a control panel
> then it's going to need access to a lot of things; if you can create new
> users from your web control panel then so can anybody who finds a
> vulnerability in any php/cgi scripts.

+1

> There's things like mod_security for Apache which can help, but it needs
> lots of tuning and rule writing. Maybe you can also limit access to the
> control panel by ip address and ssh/vpn in if you need remote access.

+1

> And it goes without saying that everything should be kept up to date. I've
> seen a number of instances recently where vulnerabilities in WordPress
> plugins or other PHP software have led to either malware being hosted or PHP
> shells being run.

+1

And subscribe to the announcement lists for Apache, PHP, Debian etc.

Robert (wondering about whether we could all meet up for a BradLUG
special on this in a coffee house sometime)


