Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-05 Thread Nemeth Gyorgy
On 2014-01-05 15:00, Joel Rees wrote: >>> Only in Debian is phpMyAdmin owned by root. > > Has the Fedora project gone to the trouble to set up phpMyAdmin users? > > I know they've been pushing a number of services out to > service-specific users. Would be great if they've gone this far.

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-05 Thread Joel Rees
On Sun, Jan 5, 2014 at 8:32 PM, Chris Bannister wrote: > On Sat, Jan 04, 2014 at 10:13:00PM -0500, Jerry Stuckle wrote: >> On 1/4/2014 9:57 PM, Chris Bannister wrote: >> >On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote: >> >>Setting up a phpmyadmin config file is hardly "system >> >>

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-05 Thread Jerry Stuckle
On 1/5/2014 6:32 AM, Chris Bannister wrote: On Sat, Jan 04, 2014 at 10:13:00PM -0500, Jerry Stuckle wrote: On 1/4/2014 9:57 PM, Chris Bannister wrote: On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote: Setting up a phpmyadmin config file is hardly "system administration". It's conf

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-05 Thread Chris Bannister
On Sat, Jan 04, 2014 at 10:13:00PM -0500, Jerry Stuckle wrote: > On 1/4/2014 9:57 PM, Chris Bannister wrote: > >On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote: > >>Setting up a phpmyadmin config file is hardly "system > >>administration". It's configuration affects only itself, not t

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-04 Thread Jerry Stuckle
On 1/4/2014 9:57 PM, Chris Bannister wrote: On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote: On 1/1/2014 10:24 PM, Bob Proulx wrote: System administration is hardly mundane. It is often misunderstood (as in this thread) but very important work. Setting up a phpmyadmin config f

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-04 Thread Chris Bannister
On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote: > On 1/1/2014 10:24 PM, Bob Proulx wrote: > >System administration is hardly mundane. It is often misunderstood > >(as in this thread) but very important work. > > > > Setting up a phpmyadmin config file is hardly "system > administra

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-04 Thread Jerry Stuckle
On 1/1/2014 7:55 PM, Bob Proulx wrote: Jerry Stuckle wrote: Bob Proulx wrote: The default for phpmyadmin is that the files are owned by root not www-data. If they were owned by www-data then they would be unsafe. (If, and this is a hypothetical if, you told me the files were owned by a special

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-04 Thread Jerry Stuckle
On 1/1/2014 10:24 PM, Bob Proulx wrote: Jerry Stuckle wrote: Raffaele Morelli wrote: Bob Proulx wrote: 2) The ownership of the files by root are safe. The default owner is root. Files owned by root with the default permissions are not writable by the web process. Files in the default config

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-03 Thread Joel Rees
On Fri, Jan 3, 2014 at 1:49 AM, Bob Proulx wrote: > [...pointers to linux containers and stow...] > Interesting posting concerning lxc on Debian: > > > http://lists.alioth.debian.org/pipermail/freedombox-discuss/2013-February/005097.html > > The other idea was GNU stow. > > https://www.gnu.or

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-02 Thread Bob Proulx
Joel Rees wrote: > I wonder whether we could design a set of default update calls for > such a system. It's a project to keep on the back burner, I suppose. Interesting ideas. When I read your description two different ideas in different directions came to my mind. One was Linux containers. Int

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-02 Thread Raffaele Morelli
2014/1/2 Bob Proulx > Raffaele Morelli wrote: > > Bob Proulx wrote: > > > 2) The ownership of the files by root are safe. The default owner is > > > root. Files owned by root with the default permissions are not > > > writable by the web process. Files in the default configuration are > > > no

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-02 Thread Joel Rees
On Thu, Jan 2, 2014 at 12:24 PM, Bob Proulx wrote: > [...] > For example if you install squirrelmail it will include > /usr/share/squirrelmail/**.php files in the package. Root owns those > files. This is good because that prevents any other account from > being able to modify those files. Tha

Re: apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2014-01-01 Thread Joel Rees
On Thu, Jan 2, 2014 at 1:52 AM, Jerry Stuckle wrote: > On 1/1/2014 7:20 AM, Joel Rees wrote: >> >> On Wed, Jan 1, 2014 at 7:30 PM, Jerry Stuckle >> wrote: >>> >>> On 1/1/2014 2:52 AM, Joel Rees wrote: [...] On Wed, Jan 1, 2014 at 11:51 AM, Jerry Stuckle wrote: > > On

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-01 Thread Bob Proulx
Jerry Stuckle wrote: > Raffaele Morelli wrote: > > Bob Proulx wrote: > > > 2) The ownership of the files by root are safe. The default owner is > > > root. Files owned by root with the default permissions are not > > > writable by the web process. Files in the default configuration are > > > not

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-01 Thread Bob Proulx
Raffaele Morelli wrote: > Bob Proulx wrote: > > 2) The ownership of the files by root are safe. The default owner is > > root. Files owned by root with the default permissions are not > > writable by the web process. Files in the default configuration are > > not exploitable by that vulnerabilit

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-01 Thread Bob Proulx
Jerry Stuckle wrote: > Bob Proulx wrote: > > The default for phpmyadmin is that the files are owned by root not > > www-data. If they were owned by www-data then they would be unsafe. > > (If, and this is a hypothetical if, you told me the files were owned > > by a special phpmyadmin-data account,

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2014-01-01 Thread Bob Proulx
Raffaele Morelli wrote: > Bob Proulx wrote: > > The default for phpmyadmin is that the files are owned by root not > > www-data. If they were owned by www-data then they would be unsafe. > > (If, and this is a hypothetical if, you told me the files were owned > > by a special phpmyadmin-data accou

Re: apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2014-01-01 Thread Jerry Stuckle
On 1/1/2014 7:20 AM, Joel Rees wrote: On Wed, Jan 1, 2014 at 7:30 PM, Jerry Stuckle wrote: On 1/1/2014 2:52 AM, Joel Rees wrote: [...] On Wed, Jan 1, 2014 at 11:51 AM, Jerry Stuckle wrote: On 12/31/2013 8:43 PM, Joel Rees wrote: On Wed, Jan 1, 2014 at 12:58 AM, Raffaele Morelli wrote:

Re: apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2014-01-01 Thread Joel Rees
On Wed, Jan 1, 2014 at 7:30 PM, Jerry Stuckle wrote: > On 1/1/2014 2:52 AM, Joel Rees wrote: >> >> [...] >> On Wed, Jan 1, 2014 at 11:51 AM, Jerry Stuckle >> wrote: >>> >>> On 12/31/2013 8:43 PM, Joel Rees wrote: On Wed, Jan 1, 2014 at 12:58 AM, Raffaele Morelli wrote: >

Re: apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2014-01-01 Thread Jerry Stuckle
On 1/1/2014 2:52 AM, Joel Rees wrote: Are we going to find ourselves talking around each other again, Jerry? Only if you insist. On Wed, Jan 1, 2014 at 11:51 AM, Jerry Stuckle wrote: On 12/31/2013 8:43 PM, Joel Rees wrote: On Wed, Jan 1, 2014 at 12:58 AM, Raffaele Morelli wrote: [...]

Re: apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2013-12-31 Thread Joel Rees
Are we going to find ourselves talking around each other again, Jerry? On Wed, Jan 1, 2014 at 11:51 AM, Jerry Stuckle wrote: > On 12/31/2013 8:43 PM, Joel Rees wrote: >> >> On Wed, Jan 1, 2014 at 12:58 AM, Raffaele Morelli >> wrote: >>> >>> [...] >>> I just want to add a (relevant) bit. >>> Apac

Re: apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2013-12-31 Thread Jerry Stuckle
On 12/31/2013 8:43 PM, Joel Rees wrote: On Wed, Jan 1, 2014 at 12:58 AM, Raffaele Morelli wrote: [...] I just want to add a (relevant) bit. Apache has tons of directives to secure a website and if you really need to upload in a dir you can tell apache to not execute php scripts in there or forc

apache as a system shell ( Debian Wheezy Compromised - www-data user is sending 1000 emails an hour)

2013-12-31 Thread Joel Rees
On Wed, Jan 1, 2014 at 12:58 AM, Raffaele Morelli wrote: > [...] > I just want to add a (relevant) bit. > Apache has tons of directives to secure a website and if you really need to > upload in a dir you can tell apache to not execute php scripts in there or > force file type to text or prevent PO

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Jerry Stuckle
On 12/31/2013 11:29 AM, Nemeth Gyorgy wrote: On 2013-12-31 16:58, Raffaele Morelli wrote: 1. one should not be using root ownership for websites to solve permissions problems in website document root. On servers where there are N web developers this is absolutely the wrong way to go (you

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Jerry Stuckle
On 12/31/2013 10:58 AM, Raffaele Morelli wrote: 2013/12/31 Jerry Stuckle BTW - your quoting style is not consistent, making it difficult to see which are your comments and which are in the post you are replying to. Jerry I broke quoting somewh

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Nemeth Gyorgy
On 2013-12-31 16:58, Raffaele Morelli wrote: > 1. one should not be using root ownership for websites to solve > permissions problems in website document root. On servers where there > are N web developers this is absolutely the wrong way to go (you can't > go IMO). Webservers where there

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Raffaele Morelli
2013/12/31 Jerry Stuckle > > > BTW - your quoting style is not consistent, making it difficult to see > which are your comments and which are in the post you are replying to. > > Jerry > I broke quoting somewhere in the thread, BTW here is my main points. 1. one should not be using root ownersh

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Nemeth Gyorgy
On 2013-12-31 09:01, Raffaele Morelli wrote: > Jerry Stuckle wrote: > > Raffaele Morelli wrote: > > > Again, the www-data user can safely be the owner of everything > in the > > > webroot, just think of phpmyadmin, there's nothing unsafe in > www-data > > The de

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Jerry Stuckle
On 12/30/2013 4:30 PM, Bob Proulx wrote: > Jerry Stuckle wrote: >> Raffaele Morelli wrote: >>> Again, the www-data user can safely be the owner of everything in the >>> webroot, just think of phpmyadmin, there's nothing unsafe in www-data > > The default for phpmyadmin is that the files are owned

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Jerry Stuckle
On 12/31/2013 3:00 AM, Raffaele Morelli wrote: > > 2013/12/30 Bob Proulx > > Raffaele Morelli wrote: > > Reco wrote: > > > Raffaele Morelli wrote: > > > > The main point was that an attacker wrote a php script in the OP > > > > (wordpress? joomla?)

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-31 Thread Raffaele Morelli
2013/12/30 Bob Proulx > Jerry Stuckle wrote: > > Raffaele Morelli wrote: > > > Again, the www-data user can safely be the owner of everything in the > > > webroot, just think of phpmyadmin, there's nothing unsafe in www-data > > The default for phpmyadmin is that the files are owned by root not >

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-30 Thread Raffaele Morelli
2013/12/30 Bob Proulx > Raffaele Morelli wrote: > > Reco wrote: > > > Raffaele Morelli wrote: > > > > The main point was that an attacker wrote a php script in the OP > > > > (wordpress? joomla?) theme folder and used this script to access > sendmail > > > > executable (I wonder those file/folder

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-30 Thread Bob Proulx
Jerry Stuckle wrote: > Raffaele Morelli wrote: > > Again, the www-data user can safely be the owner of everything in the > > webroot, just think of phpmyadmin, there's nothing unsafe in www-data The default for phpmyadmin is that the files are owned by root not www-data. If they were owned by www

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-30 Thread Bob Proulx
Raffaele Morelli wrote: > Reco wrote: > > Raffaele Morelli wrote: > > > The main point was that an attacker wrote a php script in the OP > > > (wordpress? joomla?) theme folder and used this script to access sendmail > > > executable (I wonder those file/folder ownership, root? www-data?). > > > >

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-26 Thread Reco
On Thu, 26 Dec 2013 11:03:38 +0100 Raffaele Morelli wrote: > We are going too deep and too far away and your claims on languages are > generic and personal IMO, bug reports are important but if we judge > packages on a bug number basis we "destroy" everything. > > We have very different point of

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-26 Thread Raffaele Morelli
2013/12/25 Reco > Hi. > > On Wed, 25 Dec 2013 12:02:50 +0100 > Raffaele Morelli wrote: > > > > > IMHO your claim is a little bit conceited, it sounds like a > self-styled > > > web > > > > developer "guru" talking to his ego. > > > > > > Have I offended you somehow? Why this personal attack? >

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-25 Thread Jerry Stuckle
On 12/25/2013 6:10 AM, Raffaele Morelli wrote: 2013/12/24 Jerry Stuckle On 12/24/2013 10:37 AM, Raffaele Morelli wrote: Are u kidding? Apache writes and creates everything you want if directory/files permissions are designed for and that

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-25 Thread Reco
Hi. On Wed, 25 Dec 2013 12:02:50 +0100 Raffaele Morelli wrote: > > > IMHO your claim is a little bit conceited, it sounds like a self-styled > > web > > > developer "guru" talking to his ego. > > > > Have I offended you somehow? Why this personal attack? > > > > Nothing personal, just a remind

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-25 Thread Raffaele Morelli
2013/12/24 Jerry Stuckle > On 12/24/2013 10:37 AM, Raffaele Morelli wrote: > > > >> Are u kidding? Apache writes and creates everything you want if >> directory/files permissions are designed for and that is what you want. >> >> > Incorrect. Apache writes or creates NOTHING. The web server use

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-25 Thread Raffaele Morelli
2013/12/24 Reco > On Tue, 24 Dec 2013 17:08:48 +0100 > Raffaele Morelli wrote: > > > 2013/12/24 Reco > > > > > > > > > > > > > That's one way of doin' it. Now, to rely on poorly-implemented > > > > > 'security' features of PHP - that's something really not worth > doing. > > > > > > > > > > > >

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Jarth Berilcosm
On Mon, 23 Dec 2013 18:42:24 +0100, Gilles Mocellin wrote: > On 23/12/2013 15:30, Raffaele Morelli wrote: >> 2013/12/14 Lukasz Szybalski > > >> >> >> [...] >> >> >> root should not own files served by apache for any reason, that's >> really "dangerous"! >> you sh

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Jerry Stuckle
On 12/24/2013 10:37 AM, Raffaele Morelli wrote: Are u kidding? Apache writes and creates everything you want if directory/files permissions are designed for and that is what you want. Incorrect. Apache writes or creates NOTHING. The web server user can create and write files from a script

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
On Tue, 24 Dec 2013 17:08:48 +0100 Raffaele Morelli wrote: > 2013/12/24 Reco > > > > > > > > > That's one way of doin' it. Now, to rely on poorly-implemented > > > > 'security' features of PHP - that's something really not worth doing. > > > > > > > > > That's absolutely your point of view, a wi

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Diep Pham Van
On 12/24/2013 11:08 PM, Raffaele Morelli wrote: IMHO your claim is a little bit conceited, it sounds like a self-styled web developer "guru" talking to his ego. Hey Raffaele, You and Reco are talking about root - www-data, chown - chroot... things, not his personal characteristics. Your reply

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 Reco > > > > > That's one way of doin' it. Now, to rely on poorly-implemented > > > 'security' features of PHP - that's something really not worth doing. > > > > > > That's absolutely your point of view, a wise and skilled developer does > > everything safe, a poor minded simply does no

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
On Tue, 24 Dec 2013 16:37:45 +0100 Raffaele Morelli wrote: > > > So ownership to root does matter? > > > > Which ownership are you talking about? > > Was directory in question was owned by root, the attacker could not > > create own files. > > Was php files in question was owned by root, the atta

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 Reco > Hi. > > On Tue, 24 Dec 2013 15:40:39 +0100 > Raffaele Morelli wrote: > > > 2013/12/24 Reco > > > > > On Tue, 24 Dec 2013 14:32:58 +0100 > > > Raffaele Morelli wrote: > > > > > > > The main point was that an attacker wrote a php script in the OP > > > > (wordpress? joomla?) t

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
Hi. On Tue, 24 Dec 2013 15:40:39 +0100 Raffaele Morelli wrote: > 2013/12/24 Reco > > > On Tue, 24 Dec 2013 14:32:58 +0100 > > Raffaele Morelli wrote: > > > > > The main point was that an attacker wrote a php script in the OP > > > (wordpress? joomla?) theme folder and used this script to acc

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 Reco > On Tue, 24 Dec 2013 14:32:58 +0100 > Raffaele Morelli wrote: > > > The main point was that an attacker wrote a php script in the OP > > (wordpress? joomla?) theme folder and used this script to access sendmail > > executable (I wonder those file/folder ownership, root? www-data

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
On Tue, 24 Dec 2013 14:32:58 +0100 Raffaele Morelli wrote: > The main point was that an attacker wrote a php script in the OP > (wordpress? joomla?) theme folder and used this script to access sendmail > executable (I wonder those file/folder ownership, root? www-data?). Directory's owner is www

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 PaulNM > > > On 12/24/2013 04:37 AM, Reco wrote: > > Hi. > > > > On Tue, 24 Dec 2013 09:59:39 +0100 > > Raffaele Morelli wrote: > >> Yes, I missed this point. > >> > >> BTW, as I don't want to rewrite someone else system security rules, > let's > >> say that: MY best practice is to h

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread PaulNM
On 12/24/2013 04:34 AM, Reco wrote: > Hi. > snip > > I'm not Paul, but that's simple. > Setuid bit is ignored for scripts. > > The reason for it is - the only thing that's able to spawn a process is > an executable, which has certain format (ELF for Linux, possibly a.out > - that depends on a

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread PaulNM
On 12/24/2013 04:37 AM, Reco wrote: > Hi. > > On Tue, 24 Dec 2013 09:59:39 +0100 > Raffaele Morelli wrote: >> Yes, I missed this point. >> >> BTW, as I don't want to rewrite someone else system security rules, let's >> say that: MY best practice is to have www-data or any other NON-root user >

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 Reco > Hi. > > On Tue, 24 Dec 2013 09:59:39 +0100 > Raffaele Morelli wrote: > > Yes, I missed this point. > > > > BTW, as I don't want to rewrite someone else system security rules, let's > > say that: MY best practice is to have www-data or any other NON-root user > > as the scripts

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
Hi. On Tue, 24 Dec 2013 09:59:39 +0100 Raffaele Morelli wrote: > Yes, I missed this point. > > BTW, as I don't want to rewrite someone else system security rules, let's > say that: MY best practice is to have www-data or any other NON-root user > as the scripts owner. So, basically you're allo

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
Hi. On Tue, 24 Dec 2013 10:03:15 +0100 "Hans-J. Ullrich" wrote: > Hi Paul, > I do not intend to hijack this discussion but I think I have got the same > problem! > > First thank you for your explanation. I am following this discussion and I > have > a similar problem. I made a script, which

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread ken
On 12/24/2013 02:57 AM Raffaele Morelli wrote: Read apache webserver documentation. This is a good idea in general, but a more specific reference would actually be practical. There is no problem whatsoever with files being owned by root. This is done all of the time. It is okay.

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Hans-J. Ullrich
> > No, php script *RUN* by root -> full system access > > php script run by www-data -> access to what www-data has access to. > > Owner/Group/Other permissions only affect who has access to the > file/folder, not the kind of access the file (process) itself has when > run. Two very different c

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 PaulNM > > > On 12/24/2013 03:00 AM, Raffaele Morelli wrote: > > > > 2013/12/24 Reco > > > > Hi. > > > > On Tue, 24 Dec 2013 08:47:17 +0100 > > Raffaele Morelli > > wrote: > > > > > I think you shou

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread PaulNM
On 12/24/2013 03:00 AM, Raffaele Morelli wrote: > > 2013/12/24 Reco > > Hi. > > On Tue, 24 Dec 2013 08:47:17 +0100 > Raffaele Morelli > wrote: > > > I think you should read man pages on shells and privileg

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
Hi. On Tue, 24 Dec 2013 09:00:59 +0100 Raffaele Morelli wrote: > php script is owned by root -> full system access > > now, try `su - www-data` and have a look at the shell you are in. > there you are if you can get it. # apt-get install apache2 php5-cli … # cat > /var/www/test.php << EOF >

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Reco
Hi. On Tue, 24 Dec 2013 08:57:36 +0100 Raffaele Morelli wrote: > Keep in mind that if a php script is owned by root user and there's a > security hole in it, an attacker can easily access every block of your file > system. Executing root-owned php script by www-data user will give you a proces

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-24 Thread Raffaele Morelli
2013/12/24 Reco > Hi. > > On Tue, 24 Dec 2013 08:47:17 +0100 > Raffaele Morelli wrote: > > > I think you should read man pages on shells and privileges first and > what a > > user can do. > > Can you elaborate please how exactly serving root-owned file with > apache is a bad thing for security?

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Raffaele Morelli
2013/12/24 Bob Proulx > Raffaele Morelli wrote: > > Lukasz Szybalski wrote: > > > Thanks for the feedback. I did check with other production sites I run, > > > and most of them are owned by root. I have to test to see "if you want > to > > > use the "wordpress" to upload a theme using the site UI

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Reco
Hi. On Tue, 24 Dec 2013 08:47:17 +0100 Raffaele Morelli wrote: > I think you should read man pages on shells and privileges first and what a > user can do. Can you elaborate please how exactly serving root-owned file with apache is a bad thing for security? Reco

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Raffaele Morelli
2013/12/23 Gilles Mocellin > On 23/12/2013 15:30, Raffaele Morelli wrote: > > 2013/12/14 Lukasz Szybalski > >> >>> [...] >> > > root should not own files served by apache for any reason, that's > really "dangerous"! > you should never do that... > > > Excuse-me, but I think you're wro

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Bob Proulx
Raffaele Morelli wrote: > Lukasz Szybalski wrote: > > Thanks for the feedback. I did check with other production sites I run, > > and most of them are owned by root. I have to test to see "if you want to > > use the "wordpress" to upload a theme using the site UI", I think you might > > be forced t

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Joel Rees
On Tue, Dec 24, 2013 at 2:42 AM, Gilles Mocellin wrote: > On 23/12/2013 15:30, Raffaele Morelli wrote: > > 2013/12/14 Lukasz Szybalski >>> >>> >> [...] > > > root should not own files served by apache for any reason, that's really > "dangerous"! > you should never do that... > > > Excuse-me, b

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Gilles Mocellin
On 23/12/2013 15:30, Raffaele Morelli wrote: 2013/12/14 Lukasz Szybalski > [...] root should not own files served by apache for any reason, that's really "dangerous"! you should never do that... Excuse-me, but I think you're wrong. The only reason I see

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-23 Thread Raffaele Morelli
2013/12/14 Lukasz Szybalski > >> Thanks for the feedback. I did check with other production sites I run, > and most of them are owned by root. I have to test to see "if you want to > use the "wordpress" to upload a theme using the site UI", I think you might > be forced to have the www-data own a

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-12 Thread Stephen Allen
On Thu, Dec 12, 2013 at 12:12:57AM -0500, Bob Bernstein wrote: > On Wed, Dec 11, 2013 at 08:57:57PM -0600, Lukasz Szybalski wrote: > > >I run my own site, and I do have postfix, apache, wordpress, > >and moinmoin installed. www-data is sending 100s of emails a > >minute. > > I hope

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-11 Thread Bob Bernstein
On Wed, Dec 11, 2013 at 08:57:57PM -0600, Lukasz Szybalski wrote: >I run my own site, and I do have postfix, apache, wordpress, >and moinmoin installed. www-data is sending 100s of emails a >minute. I hope you have by hook or crook pulled the plug on this system by now. I believe y

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-11 Thread Tazman Deville
On Wed, Dec 11, 2013 at 07:07:42PM -0800, David Christensen wrote: > On 12/11/2013 06:57 PM, Lukasz Szybalski wrote: > >I run my own site, and I do have postfix, apache, wordpress, and moinmoin > >installed. www-data is sending 100s of emails a minute. Either wordpress or > >moinmoin is compromised

Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-11 Thread David Christensen
On 12/11/2013 06:57 PM, Lukasz Szybalski wrote: I run my own site, and I do have postfix, apache, wordpress, and moinmoin installed. www-data is sending 100s of emails a minute. Either wordpress or moinmoin is compromised? How do I debug to find out where is the problem? I suggest that you shut

Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

2013-12-11 Thread Lukasz Szybalski
Hello, I run my own site, and I do have postfix, apache, wordpress, and moinmoin installed. www-data is sending 100s of emails a minute. Either wordpress or moinmoin is compromised? How do I debug to find out where is the problem? I'm watching the mail.log and I see a lot of "emails" being sent fr