Full Disclosure mailing list archives
Re: Re: New Santy-Worm attacks *all* PHP-skripts
From: Paul Laudanski <zx () castlecops com>
Date: Sun, 26 Dec 2004 01:39:14 -0500 (EST)
On Sat, 25 Dec 2004, Raistlin wrote:
Juergen Schmidt wrote:Hello, the new santy version not only attacks phpBB.How would these two worms react to classical hardening tips such as PHP Safe mode and noexec /tmp ?
For this particular strain it would certainly help, but that is why there exists new variations. Certainly doing it to /tmp, /usr/tmp, /var/tmp could help, but it isn't 100% foolproof, and some don't even consider it security. Another measure one might use is chmod 700 (or 400 depending on your needs) wget. Then again, you can always disable the functions in php.ini for exec and system for instance to help stave off other similar attacks. -- Regards, Paul Laudanski - Computer Cops, LLC. CEO & Founder CastleCops(SM) - http://castlecops.com Promoting education and health in online security and privacy. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: New Santy-Worm attacks *all* PHP-skripts Paul Laudanski (Dec 26)
- <Possible follow-ups>
- New Santy-Worm attacks *all* PHP-skripts Gary E. Miller (Dec 26)
- New Santy-Worm attacks *all* PHP-skripts Juergen Schmidt (Dec 29)
- Re: New Santy-Worm attacks *all* PHP-skripts Paul Laudanski (Dec 25)
- Re: New Santy-Worm attacks *all* PHP-skripts Paul Laudanski (Dec 27)
- Re: New Santy-Worm attacks *all* PHP-skripts Raistlin (Dec 26)
- Re: Re: New Santy-Worm attacks *all* PHP-skripts Paul Laudanski (Dec 26)
- Re: Re: New Santy-Worm attacks *all* PHP-skripts Steve Wray (Dec 29)
- Re: New Santy-Worm attacks *all* PHP-skripts Paul Laudanski (Dec 25)
- Re: New Santy-Worm attacks *all* PHP-skripts Pekka Savola (Dec 29)
- Re: New Santy-Worm attacks *all* PHP-skripts Juergen Schmidt (Dec 29)