security question

Jorge Evangelista netsecuredata at gmail.com
Wed Aug 15 14:51:03 PDT 2007


Hi, I use SMTP AUTH via PHP; it works fine and it is safer. You
have to install the PEAR modules (Mail and Auth_SASL).
Also, you can identify some PHP attacks if you compile mod_security
into your Apache; it will create a log at
/usr/local/apache/logs/alert.
Also mod_evasive for DDoS attacks.



On 8/15/07, Chuck Swiger <cswiger at mac.com> wrote:
> On Aug 15, 2007, at 10:08 AM, Arie Kachler wrote:
> > We have many Freebsd servers with apache/php/mysql.
> > Recently, some of these have been sending out large amounts of
> > emails. We know the servers are secure in the sense they are fully
> > patched. But we also know that the most secure shared server can be
> > abused by a badly written php script.
>
> Certainly anyone with access to create new scripts can misuse the
> available resources, agreed.
>
> > So my question is this:
> > Is there a way to identify vulnerable php scripts?
>
> I tend to assume that all PHP scripts are vulnerable, and history
> tends to support the notion that PHP has a miserable security track
> record.
>
> > It's very difficult to pinpoint when the server starts sending out
> > emails. We just notice that they do, without any identifiable
> > correlation to anything on the logs.
> >
> > A related question:
> > Can we audit which php script is calling sendmail?
>
> Well, you could set up your mailserver to require that users must
> authenticate via SMTP AUTH before they are allowed to relay email.
> This would mean that the PHP scripts would need to authenticate as a
> particular user account, which would then let you see which scripts
> are generating the mail.  It would also help block malicious scripts
> which have not been set up to auth before sending the email...
>
> --
> -Chuck
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>


-- 
"The network is the computer"
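The SMTP AUTH approach the thread describes (PEAR Mail with Auth_SASL, each script authenticating to a relay that refuses unauthenticated relaying), written out as an added example that is not code from the original post; the relay host, port, account names and the SMTP_PASSWORD environment variable are assumptions:

```php
<?php
// Added example: send mail from a PHP script over SMTP AUTH with PEAR Mail.
// Host, port, account names and the environment variable are assumed values,
// not taken from the mailing-list post.
require_once 'Mail.php';   // PEAR Mail; Net_SMTP uses Auth_SASL for CRAM-MD5/DIGEST-MD5

// Give each script (or each hosted site) its own SMTP account. The relay's
// log then ties every message to the account, i.e. to the script, that sent
// it, which is what the thread wants: an audit trail per PHP script.
$smtp_params = array(
    'host'     => 'smtp.example.com',           // assumed relay that requires AUTH
    'port'     => 587,                          // submission port
    'auth'     => true,                         // enable SMTP AUTH
    'username' => 'contactform@example.com',    // assumed per-script account
    'password' => getenv('SMTP_PASSWORD'),      // keep the secret out of the script body
);

$headers = array(
    'From'    => 'contactform@example.com',
    'To'      => 'ops@example.com',
    'Subject' => 'Contact form submission',
);
$body = "Constructed test message body.\n";   // constructed sample content

$mail   = Mail::factory('smtp', $smtp_params);
$result = $mail->send('ops@example.com', $headers, $body);

if (PEAR::isError($result)) {
    // A script whose account was never provisioned, or whose password was
    // revoked after abuse, fails here instead of relaying anonymously.
    error_log('SMTP send failed: ' . $result->getMessage());
    exit(1);
}
// On success the relay's log records the authenticated account next to the
// message (Postfix, for instance, logs sasl_username= on its client= line),
// so a burst of outbound mail can be traced back to one script's credentials.
?>
```

Because a script that still calls PHP's mail() goes through local sendmail rather than the authenticating relay, the relay must be the only path out (block direct port 25 from the web hosts) for the audit trail to be complete.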