Successful SSH Attack - Need help cleaning up

Matthew Walker rorith at kydance.net
Tue Oct 31 10:21:50 MST 2006


On Tue, October 31, 2006 9:58 am, Matthew Frederico wrote:
> At any rate, if you are running php, double-check your settings and make
> SURE you turn of the url-fopen wrappers -  Those can cause havoc.  Also
> double-check you're running in safe mode, and set open basedir settings in
> your apache conf per virtual host.
>

And use a decent forum package, like SMF. I strongly discourage anyone who
asks from using phpBB. It's had too many security problems for me to be
comfortable with it going forward. Perhaps it's improved since I last used
it, but I don't trust that, given their track record.

I've never had my SMF installs get hijacked, and I had multiple phpBB
installs hijacked, despite running sane configs for PHP. Some of the phpBB
hacks didn't require anything but file upload ability in PHP.

And finally, regardless of which forum system you use, or how your PHP is
configured, stay on top of security updates for the packages you use. Go
to their websites, and read the release notes for new versions. This
obviously isn't feasible for every package on your system, but any package
that allows communication with the outside world should be closely
monitored.

-- 
Matthew Walker
Kydance Hosting & Consulting
LAMP Specialist



More information about the PLUG mailing list