Re: [Jack-Devel] www.jackaudio.org defacement
On Sat, Dec 31, 2011 at 1:04 AM, David Nielson <[hidden]> wrote:
> Paul, I would suggest moving to a better-managed hosting service.
there are lots of issues with Dreamhost, but to be fair this pharma
hack seems very widespread across a variety of hosting services and
pretty much any platform that uses a language that includes "eval".
> I recommend hostgator because I know how our security team works, and I know
> that, for our shared services, we use the Worker MPM, suphp as our PHP
> handler, and suexec enabled. Scripts execute as the user and are, therefore,
> properly restricted in what they can do. Setting files +ia works,
what filesystem are you using that supports these?
> personally deal with every day. The security team has scripts that are
> constantly being updated to detect and resolve issues like this, and if this
> had happened on one of our servers, it would have been resolved within an
> hour and would not recur.
how would your scripts have detected it? would they be looking
specifically for suspicious PHP?
1325342755.702_0.ltw:2,a <CAFa_cKm9x+QHz2rvg7XLb7=Q6immO=GKdc9iNz4LMORKcs9_ig at mail dot gmail dot com>