Server compromised

James Wilkinson james at westexe.demon.co.uk
Sat Feb 19 10:41:49 UTC 2005


paul at topguncomputers.com wrote:
> Actually I found the hole.
> 
> It was on a phpbb board version 2.0.6. This isn't my board but a friend's.
> I just host it for him.  There is a script that is installed in the tmp
> directory which is then run with perl.  If I look in my apache logs I can
> see this long GET string.
> 
> So I'm gonna reinstall everything.
> 
> I also found a way to make the tmp directory non-executable. That way even
> if a script in the future is installed in that directory, it won't be
> able to run.

I assume that you mean the noexec option to mount, which can also be
used in fstab. You should also investigate the nodev and possibly the
nosuid options as well. Yes, they're a good thing.

Thanks for letting us know where the hole was: as you can imagine, I'm
personally very relieved that it wasn't a hole in Fedora!

James.

-- 
James Wilkinson       | Nothing can kill this guy. He’s like a cockroach in a
Exeter    Devon    UK | star fleet uniform. The only guy who can wear red, beam
E-mail address: james | down to a new planet, and still show up for the next
@westexe.demon.co.uk  | episode.  -- Mark Stanley, on Star Trek's Miles O'Brien
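The check James's reply implies, as an added example that is not part of the original thread: given the mount-option field of an fstab or /proc/mounts entry for /tmp, report which of noexec, nodev and nosuid are absent. The two fstab lines are constructed samples (a tmpfs /tmp before and after hardening), and the live /proc/mounts check only runs when that file is readable.

```shell
#!/bin/sh
# Added example (not from the original thread): verify that /tmp is mounted
# with the noexec, nodev and nosuid options recommended in the reply.

# missing_tmp_opts OPTIONS -> prints the hardening options absent from
# OPTIONS, where OPTIONS is a comma-separated mount-option field such as
# "rw,nosuid,nodev,noexec,relatime". Prints nothing when all are present.
missing_tmp_opts() {
    opts=",$1,"
    missing=""
    for want in noexec nodev nosuid; do
        case "$opts" in
            *",$want,"*) ;;                                  # option present
            *) missing="${missing:+$missing }$want" ;;       # option missing
        esac
    done
    printf '%s\n' "$missing"
}

# fstab_opts LINE -> prints the fourth field (mount options) of an fstab line;
# /proc/mounts uses the same field layout, so the helper serves both.
fstab_opts() {
    printf '%s\n' "$1" | awk '{ print $4 }'
}

# Constructed fstab entries: the weak default and the hardened form.
WEAK_FSTAB='tmpfs /tmp tmpfs defaults 0 0'
HARDENED_FSTAB='tmpfs /tmp tmpfs defaults,noexec,nodev,nosuid 0 0'

# When run as a script, inspect the live system. A /tmp that is not a
# separate mount point cannot carry its own noexec flag at all.
if [ -r /proc/mounts ]; then
    live=$(awk '$2 == "/tmp" { print $4 }' /proc/mounts)
    if [ -n "$live" ]; then
        m=$(missing_tmp_opts "$live")
        if [ -z "$m" ]; then
            echo "/tmp: noexec, nodev and nosuid all set"
        else
            echo "/tmp missing: $m"
        fi
    else
        echo "/tmp is not a separate mount; per-directory noexec does not apply"
    fi
fi
```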