Re: [Jack-Devel] www.jackaudio.org defacement

Prev	Next Index
Date	Fri, 30 Dec 2011 17:24:26 -0500
From	Paul Davis <[hidden] at linuxaudiosystems dot com>
To	John Rigg <[hidden] at jrigg dot co dot uk>
Cc	[hidden] at lists dot jackaudio dot org
In-Reply-To	Paul Davis Re: [Jack-Devel] www.jackaudio.org defacement
Follow-Up	Robert M. Riches Jr. Re: [Jack-Devel] www.jackaudio.org defacement
Follow-Up	Nedko Arnaudov Re: [Jack-Devel] www.jackaudio.org defacement

for now, i've switched the user that the website "runs as", but made a
different user the owner of all the files that comprise the website
itself. in theory this should prevent web-vectored attacks from
modifying any files. dreamhost does things slightly oddly AFAICT: i
think the httpd server itself runs as "nobody" but any CGI scripts are
executed as a specified user.

i also changed all passwords (including database access passwords etc).

we'll see how well this holds up against the pharma crackers.

Prev	Next Index

1325283875.29303_0.ltw:2,a <CAFa_cKmEvN_uBZJCJ0ByzAsBwk-9_e+gof_XkV7YvUJR=eehog at mail dot gmail dot com>