Full Disclosure mailing list archives
Re: Re: New Santy-Worm attacks *all* PHP-skripts
From: Raistlin <raistlin () gioco net>
Date: Sun, 26 Dec 2004 12:48:18 +0100
Paul Laudanski wrote:
For this particular strain it would certainly help, but that is why there exists new variations.
Of course - it's no solution.
Certainly doing it to /tmp, /usr/tmp, /var/tmp could help, but it isn't 100% foolproof, and some don't even consider it security.
Just a bit of hardening :)
Then again, you can always disable the functions in php.ini for exec and system for instance to help stave off other similar attacks.
That's implicit in safe_mode, AFAIK ! -- Stefano "Raistlin" Zanero System Administrator Gioco.Net public PGP key block at http://gioco.net/pgpkeys _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: New Santy-Worm attacks *all* PHP-skripts Raistlin (Jan 06)
- <Possible follow-ups>
- Re: New Santy-Worm attacks *all* PHP-skripts morning_wood (Jan 06)