Re: [Jack-Devel] www.jackaudio.org defacement

  On 12/30/2011 05:02 PM, Paul Davis wrote:
> On Fri, Dec 30, 2011 at 5:52 PM, Robert M. Riches Jr.
> <[hidden]>  wrote:
>>> executed as a specified user.
>>
>> I might be mistaken, but doesn't the cgi or fast-cgi flavor of
>> php.ini control what user runs CGI scripts?
> that's very likely what Dreamhost sets up based on my request ...
What user runs what scripts depends on more than just CGI / FastCGI. 
What MPM Apache is using, whether suexec is enabled, whether PHP is 
configured to use suphp or one of the cgi handlers, etc. Any and all of 
these settings can be overridden by a web control panel that does it wrong.

Paul, I would suggest moving to a better-managed hosting service. Full 
disclosure: I work for hostgator.com, but I do not receive any special 
compensating for steering business our way.

I recommend hostgator because I know how our security team works, and I 
know that, for our shared services, we use the Worker MPM, suphp as our 
PHP handler, and suexec enabled. Scripts execute as the user and are, 
therefore, properly restricted in what they can do. Setting files +ia 
works, which I personally deal with every day. The security team has 
scripts that are constantly being updated to detect and resolve issues 
like this, and if this had happened on one of our servers, it would have 
been resolved within an hour and would not recur. We are amazingly good 
at keeping security issues from happening multiple times.

Anyway, I hope this isn't inappropriate for the list; I just think it 
would be a real bummer to have jack audio not be one of the top results 
on Google anymore, or to have our site defaced, so I'd like to offer 
what suggestions I can to, hopefully, improve the situation.

David Nielson

1325311504.27160_0.ltw:2,a <4EFEA604.5040802 at comcast dot net>