newbie with www user security problem
Ken Hawkins
ken at rosewoodblues.com
Thu Aug 11 15:32:54 GMT 2005
The box is secure, that much I have found out. The only problems have been with this email spamming. Nothing in the tmp dirs out of the ordinary and no missing files, running scripts, etc. I have changed everyone's passwords on the box, *'d the www password, ensured there is no shell for the www user, etc.

I am in the process of upgrading the ports now and there are problems (of course). The ports seem to have been mangled, as the listing in /var/db/ports does not match what I KNOW is running on the box. The person I have inherited this from manually deleted from /var/db/ports to get some of the applications to re-install! Gotta love that! Well, here I come, port fix hell! This is a production box and can't be taken off line as of this moment, so I am going to have to attempt on-the-fly fixing/upgrading of the ports. I would love to wipe it but it is just not a possibility right now.

Thanks for all your help and insight, even those of you who tried to tell me I was lost... :)
ken;
Ken Hawkins
Product Manager/Software Development
Broadjam Inc.
313 W. Beltline Hwy, Suite 147
Madison, WI 53713
P: 404-323-7493
F: 608-273-3635
W: www.broadjam.com
On Aug 11, 2005, at 11:04 AM, Stijn Hoop wrote:
> On Thu, Aug 11, 2005 at 04:54:10PM +0200, jimmy at inet-solutions.be wrote:
>
>> If the box in question was locally secure, you don't have to worry that much.
>>
>
> Correct of course, but seeing as the OP admitted to not knowing a lot about the administration of this machine, I don't think local security was very high.
>
>> If it's a long time since you've updated your base, are sloppy with passwords on the box in question, haven't updated your daemons/setuid packages in weeks, then the box should be considered a total loss.
>>
>> Just think in terms of "what are the possible things I could do if my UID were 'www'?"
>>
>
> There might be some less obvious things, especially if the base OS is as far behind as the phpBB installation.
>
>> I for example have webservers running in chroot, on a partition that is nosuid, and a starred-out password for the user 'www'. The thing you're describing happens sometimes because users do not update their phpBBs either. I'm not afraid, since the kiddo would have the same access as a customer, which I cannot trust either. If you don't know the box IS secure, it isn't; there is a lot of work involved in keeping things like this "under control".
>>
>
> Totally true, and good advice for setting up access for customers / etc.
>
> --Stijn
>
> --
> Coughlin's law: never show surprise, never lose your cool.
> -- Cocktail
>
More information about the freebsd-security mailing list
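A small audit script, added here as an example and not written by any of the posters, that checks the www account and the web partition for the settings Ken and jimmy describe: password field starred out, no login shell, and the web tree on a nosuid mount. It assumes FreeBSD-style passwd(5) entries and mount(8) output, that getent(1) is available for the live check, and a web root of /usr/local/www; the sample lines are constructed.

```shell
#!/bin/sh
# Hypothetical hardening audit for the 'www' account (added example, not
# from the thread). Checks the three things the posters mention: the
# password field is starred out, the account has no login shell, and the
# partition holding the web tree is mounted nosuid.
# Functions take passwd(5)/master.passwd(5) and mount(8)-style lines as
# arguments so they can be exercised offline on constructed samples.

# check_passwd_line LINE -> 0 if the entry is locked and shell-less, 1 otherwise
check_passwd_line() {
    _rc=0
    _pw=$(printf '%s\n' "$1" | cut -d: -f2)
    _shell=$(printf '%s\n' "$1" | awk -F: '{print $NF}')
    case "$_pw" in
        '*'|'*LOCKED*'*|'!'*) ;;                 # no usable password hash
        *) echo "password field not starred out: '$_pw'"; _rc=1 ;;
    esac
    case "$_shell" in
        */nologin|/nonexistent|/bin/false) ;;  # no interactive shell possible
        *) echo "account has a login shell: $_shell"; _rc=1 ;;
    esac
    return $_rc
}

# check_mount_line LINE -> 0 if the mount carries the nosuid option
check_mount_line() {
    case "$1" in
        *'('*nosuid*')'*) return 0 ;;
        *) echo "web partition lacks nosuid: $1"; return 1 ;;
    esac
}

# audit_host WEBROOT -> runs both checks against the live system
audit_host() {
    _fail=0
    check_passwd_line "$(getent passwd www)" || _fail=1
    check_mount_line "$(mount | grep " on $1 ")" || _fail=1
    return $_fail
}

# Constructed samples: a FreeBSD-style locked entry and an unlocked one.
GOOD_WWW='www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin'
BAD_WWW='www:$1$saltsalt$NotARealHashXXXXXXXXXXX:80:80::0:0:WWW:/home/www:/bin/sh'
GOOD_MOUNT='/dev/ad0s1f on /usr/local/www (ufs, local, nosuid, soft-updates)'
BAD_MOUNT='/dev/ad0s1f on /usr/local/www (ufs, local, soft-updates)'

if [ "${1:-}" = "--live" ]; then audit_host "${2:-/usr/local/www}"; fi
```

Run with `--live [webroot]` on the host to audit the real account and mount; without arguments it only defines the checks.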