Re: [Jack-Devel] www.jackaudio.org defacement
On 12/30/2011 05:02 PM, Paul Davis wrote:
> On Fri, Dec 30, 2011 at 5:52 PM, Robert M. Riches Jr.
> <[hidden]> wrote:
>>> executed as a specified user.
>>
>> I might be mistaken, but doesn't the cgi or fast-cgi flavor of
>> php.ini control what user runs CGI scripts?
> that's very likely what Dreamhost sets up based on my request ...
What user runs what scripts depends on more than just CGI / FastCGI.
What MPM Apache is using, whether suexec is enabled, whether PHP is
configured to use suphp or one of the cgi handlers, etc. Any and all of
these settings can be overridden by a web control panel that does it wrong.
Paul, I would suggest moving to a better-managed hosting service. Full
disclosure: I work for hostgator.com, but I do not receive any special
compensating for steering business our way.
I recommend hostgator because I know how our security team works, and I
know that, for our shared services, we use the Worker MPM, suphp as our
PHP handler, and suexec enabled. Scripts execute as the user and are,
therefore, properly restricted in what they can do. Setting files +ia
works, which I personally deal with every day. The security team has
scripts that are constantly being updated to detect and resolve issues
like this, and if this had happened on one of our servers, it would have
been resolved within an hour and would not recur. We are amazingly good
at keeping security issues from happening multiple times.
Anyway, I hope this isn't inappropriate for the list; I just think it
would be a real bummer to have jack audio not be one of the top results
on Google anymore, or to have our site defaced, so I'd like to offer
what suggestions I can to, hopefully, improve the situation.
David Nielson
1325311504.27160_0.ltw:2,a <4EFEA604.5040802 at comcast dot net>