[Bradford] chkrootkit and nasties found

Robert Burrell Donkin robertburrelldonkin at gmail.com
Thu Oct 6 07:50:53 UTC 2011


On Thu, Oct 6, 2011 at 7:41 AM, Alice Kærast <kaerast at computergentle.com> wrote:
>
> It's more likely to be PHP or CGI scripts than Apache itself that has
> vulnerabilities. Best practice is to limit what the user running Apache can
> do to try and limit your risks. However if you're running a control panel
> then it's going to need access to a lot of things; if you can create new
> users from your web control panel then so can anybody who finds a
> vulnerability in any PHP/CGI scripts.

+1

> There are things like mod_security for Apache which can help, but it needs
> lots of tuning and rule writing. Maybe you can also limit access to the
> control panel by IP address and SSH/VPN in if you need remote access.

+1

> And it goes without saying that everything should be kept up to date. I've
> seen a number of instances recently where vulnerabilities in WordPress
> plugins or other PHP software have led to either malware being hosted or PHP
> shells being run.

+1

And subscribe to the announcement lists for Apache, PHP, Debian etc.

Robert (wondering about whether we could all meet up for a BradLUG
special on this in a coffee house sometime)


