Re: [Jack-Devel] www.jackaudio.org defacement

Date: Sat, 31 Dec 2011 09:45:43 -0500
From: Paul Davis <[hidden] at linuxaudiosystems dot com>
To: David Nielson <[hidden] at comcast dot net>
Cc: [hidden] at lists dot jackaudio dot org
In-Reply-To: David Nielson Re: [Jack-Devel] www.jackaudio.org defacement

On Sat, Dec 31, 2011 at 1:04 AM, David Nielson <[hidden]> wrote:

> Paul, I would suggest moving to a better-managed hosting service.

there are lots of issues with Dreamhost, but to be fair this pharma
hack seems very widespread across a variety of hosting services and
pretty much any platform that uses a language that includes "eval".

> I recommend hostgator because I know how our security team works, and I know
> that, for our shared services, we use the Worker MPM, suphp as our PHP
> handler, and suexec enabled. Scripts execute as the user and are, therefore,
> properly restricted in what they can do. Setting files +ia works,

what filesystem are you using that supports these?

> personally deal with every day. The security team has scripts that are
> constantly being updated to detect and resolve issues like this, and if this
> had happened on one of our servers, it would have been resolved within an
> hour and would not recur.

how would your scripts have detected it? would they be looking
specifically for suspicious PHP?