Mary Gardiner wrote:
I suspect attacks through web apps like WordPress are pretty common causes of compromise of machines run by essentially knowledgeable people at the moment, because there doesn't seem yet to be a good set of best practices for packaging and updating them (upstream tends to aim their instructions at people who might not even have shell access, let alone root access, and there's the whole plugin universe too).

Out of curiosity, I often query the server used in the links provided in phishing scam emails. More often than not, the phishing box is a compromised Linux server running Apache and PHP. Rarely do I see a Windows server :(

I would tend to blame an out-of-date PHP install rather than Apache as being the attack vector. If you are on AusCert or DebSec, you will know how many exploits are discovered in PHP 4 and 5. And they keep finding more.

I did do a PHP install and was amazed at the server info page. There are a myriad of hacks and "fixes" in PHP, as reflected in the PHP system variables, to turn off all sorts of insecure features. I got the feeling that out of the box and with little technical knowledge, PHP is not a healthy addition to any Linux server.

Not wishing to start an OS war, but I rarely if ever have seen a BSD or Sun box compromised. Is this due to sheer numbers of Linux and Doze?

cheers
rickw

--
________________________________________________________________
Rick Welykochy || Praxis Services || Internet Driving Instructor

The user's going to pick dancing pigs over security every time.
     -- Bruce Schneier

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html