Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: New Santy-Worm attacks *all* PHP-skripts
From: Paul Laudanski <zx () castlecops com>
Date: Sun, 26 Dec 2004 01:39:14 -0500 (EST)

On Sat, 25 Dec 2004, Raistlin wrote:

Juergen Schmidt wrote:

the new santy version not only attacks phpBB.

How would these two worms react to classical hardening tips such as PHP 
Safe mode and noexec /tmp ?

For this particular strain it would certainly help, but that is why there 
exists new variations.  Certainly doing it to /tmp, /usr/tmp, /var/tmp 
could help, but it isn't 100% foolproof, and some don't even consider it 
security.  Another measure one might use is chmod 700 (or 400 depending on 
your needs) wget.

Then again, you can always disable the functions in php.ini for exec and 
system for instance to help stave off other similar attacks.


Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]