Thanks for the input
unum at unum5.org
Wed Jul 15 10:54:08 MDT 2009
On 07/15/2009 10:40 AM, Scott Morris wrote:
> Great responses, all.
> I should clarify that the box was not rooted. A vulnerability in the
> PHP code on the box was exploited to place tools on the machine. They
> had access to files that were owned by the user running apache. The
> only files that I could see that were changed were in the web root.
With this in mind there are some other things that come to mind.
UPDATE!!!! Can't believe I forgot that one.
Also use memory safe string copying. Read "smashing the stack for fun
and profit" to understand that.
Sanitize your user input(sql and stack smashing).
Also back up code and data. Again set up the cron job.
There are also tools like tripwire that help with the md5/sha1 stuff.
More information about the PLUG