mailing list archives
Re: Re: New Santy-Worm attacks *all* PHP-skripts
From: Paul Laudanski <zx () castlecops com>
Date: Sun, 26 Dec 2004 01:39:14 -0500 (EST)
On Sat, 25 Dec 2004, Raistlin wrote:
Juergen Schmidt wrote:
the new santy version not only attacks phpBB.
How would these two worms react to classical hardening tips such as PHP
Safe mode and noexec /tmp ?
For this particular strain it would certainly help, but that is why there
exists new variations. Certainly doing it to /tmp, /usr/tmp, /var/tmp
could help, but it isn't 100% foolproof, and some don't even consider it
security. Another measure one might use is chmod 700 (or 400 depending on
your needs) wget.
Then again, you can always disable the functions in php.ini for exec and
system for instance to help stave off other similar attacks.
Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.
Full-Disclosure - We believe in it.