Yep, I'm replying to a very old thread.

OP, I am just wondering if you resolved your issue here, and if you are still using Suhosin?

If not, did you move to mod_security, as other repliers had suggested, or something else?

thank you,

Jerry
On 02/19/10 09:25 AM, James Smallacombe wrote:

After a recent php compromise of the www user on my web server via the Zen Cart
"record company" exploit, I installed the Suhosin extension (patch was already
there).  Suhosin helped a great deal.  It enabled me to block certain php
functions globally and re-enable them on a per-vhost basis, as needed.  Perhaps
just as importantly, it logged violations, along with IP addresses, which not
only enabled me to track down attackers, but also troubleshoot which vhosts
needed which functions to work properly.

After having customers' content providers patch their respective Zen Carts and
purging/disabling the several c99shells and other nasty scripts uploaded by
kiddies, we found that the patched Zen carts wouldn't function properly and
wasn't logging what part of Suhosin was blocking functionality. Neither Zen
developers nor the Suhosin author responded to requests for a workaround for 
this.

Sadly, there doesn't appear to be any current development or support for the
Suhosin extension, no forum or mailing list.  This leaves one wondering what the
best way is to manage php (and other) security on the web server.  Does
mod_security allow some of the same functionality, and is there current support
and development of it?  What's the best current practice WRT Apache and php
security?

TIA,

James Smallacombe              PlantageNet, Inc. CEO and Janitor
u...@3.am                                http://3.am
=========================================================================
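James's point that Suhosin's violation log both exposed the attackers' IPs and showed which vhost needed which blocked function is worth making concrete. The script below is an added example, not from anyone in this thread: it parses Apache error-log lines in the shape Suhosin's function-blacklist alerts take and groups them per vhost; the log lines, the `/var/www/vhosts/<name>/` layout, and the IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: Apache error_log lines in the shape Suhosin writes when a
# function listed in suhosin.executor.func.blacklist is called. IPs/paths are made up.
SAMPLE_LOG = """\
[Fri Feb 19 08:01:12 2010] [error] [client 198.51.100.7] ALERT - function within blacklist called: system() (attacker '198.51.100.7', file '/var/www/vhosts/shop1.example/includes/c99.php', line 12)
[Fri Feb 19 08:01:14 2010] [error] [client 198.51.100.7] ALERT - function within blacklist called: passthru() (attacker '198.51.100.7', file '/var/www/vhosts/shop1.example/includes/c99.php', line 40)
[Fri Feb 19 09:30:00 2010] [error] [client 203.0.113.21] ALERT - function within blacklist called: exec() (attacker '203.0.113.21', file '/var/www/vhosts/shop2.example/admin/includes/functions/general.php', line 905)
[Fri Feb 19 09:30:01 2010] [error] [client 203.0.113.21] ALERT - function within blacklist called: exec() (attacker '203.0.113.21', file '/var/www/vhosts/shop2.example/admin/includes/functions/general.php', line 905)
[Fri Feb 19 09:45:10 2010] [notice] caught SIGTERM, shutting down
"""

ALERT_RE = re.compile(
    r"ALERT - function within blacklist called: (?P<func>\w+)\(\) "
    r"\(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)', line (?P<line>\d+)\)"
)

VHOST_ROOT = "/var/www/vhosts/"  # assumed layout: one directory per vhost


def vhost_of(path):
    """Map a script path to its vhost name under the assumed directory layout."""
    if path.startswith(VHOST_ROOT):
        return path[len(VHOST_ROOT):].split("/", 1)[0]
    return "(unknown)"


def parse_alerts(text):
    """Yield (vhost, func, ip, file, line) for each blacklist alert; other lines are skipped."""
    for raw in text.splitlines():
        m = ALERT_RE.search(raw)
        if m:
            yield (vhost_of(m["file"]), m["func"], m["ip"], m["file"], int(m["line"]))


def summarize(text):
    """Per vhost: blocked functions with call counts, the files that called them, and source IPs.

    A function hit repeatedly from a file that belongs to the shipped application points at a
    per-vhost re-enable; hits from an unexpected file point at something to clean up instead."""
    acc = defaultdict(lambda: {"funcs": defaultdict(int), "ips": set(), "files": set()})
    for vhost, func, ip, path, _line in parse_alerts(text):
        acc[vhost]["funcs"][func] += 1
        acc[vhost]["ips"].add(ip)
        acc[vhost]["files"].add(path)
    return {v: {"funcs": dict(e["funcs"]), "ips": sorted(e["ips"]), "files": sorted(e["files"])}
            for v, e in acc.items()}


if __name__ == "__main__":
    for vhost, info in summarize(SAMPLE_LOG).items():
        print(vhost, info)
```

Run it against the real error_log (`summarize(open(path).read())`) to get the same per-vhost view the message describes.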