Blackhole

Chris Kenward kenwardc at tgis.co.uk
Tue Apr 26 12:00:26 UTC 2005


Hi Ed

> Actually, I believe that somebody from Red Hat had looked at 
> every patch they've released for RHEL 3 and determined that 
> if you installed it naked on the Internet with *NO* updates 
> but in its default configuration, it would not yet have been 
> penetrated even if you installed it the day it was released 
> (Oct 2003 I think).
> 
> If you look at most of the RHEL 3 vulnerabilities, they're 
> local root exploits - i.e. you already need to be on the 
> system before you can elevate your privilege level.  I would 
> prefer that the bad guys don't get on my system in the first place...

Just as a follow-up, considering the first blackhole query was mine I
think...

We have several EL servers running and the one I was originally worried
about is the only one running customers' PHP scripting. The others don't and
(touch wood) they've never yet been touched.

So... It appears that the PHP stuff may well be the dangerous stuff and, to
try and stop it as best I can, I've switched register_globals OFF. It's made
one or three websites not work properly but we've told those customers they
have to get their web design guys to re-write, or bugger off to another
provider! Well... Not in those terms exactly! ;)

Since I switched the register_globals OFF we haven't seen the attack again.
With register_globals ON we were zapped three times in one week.

Thanks to you all for your help on this one.

Regards
Chris 
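To make the register_globals point above concrete, here is an added example (not code from Chris's post or his servers). register_globals was removed in PHP 5.4, so its effect is emulated with extract(), which likewise turns every request parameter into a plain variable in scope; the sample users and request are constructed, and the vulnerable page relies on an uninitialised flag while the hardened one initialises everything and reads input only through the request array.

```php
<?php
// Added example, not code from the post. register_globals was removed in
// PHP 5.4, so its effect is emulated here with extract(): both turn every
// request parameter into a plain variable in the script's scope.

// Audit helper: report the setting on this server (false = directive absent).
function register_globals_enabled(): bool {
    $value = ini_get('register_globals');          // "" / "0" / false when off
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

// VULNERABLE: $is_admin is only ever set on the success path, so a request
// such as ?is_admin=1 pre-seeds it under register_globals (or extract()).
function vulnerable_page(array $request, array $users): string {
    extract($request);                              // emulates register_globals = On
    if (isset($users[$user]) && $users[$user]['role'] === 'admin') {
        $is_admin = true;
    }
    return !empty($is_admin) ? 'admin panel' : 'public page';
}

// HARDENED: initialise every variable before use and read input only through
// the request array that was actually passed in; no extract(), no reliance on
// the php.ini setting. This is what switching register_globals OFF protects.
function hardened_page(array $request, array $users): string {
    $is_admin = false;
    $user     = isset($request['user']) ? (string) $request['user'] : '';
    if (isset($users[$user]) && $users[$user]['role'] === 'admin') {
        $is_admin = true;
    }
    return $is_admin ? 'admin panel' : 'public page';
}

// Constructed sample data: one ordinary account, plus a request that tries to
// pre-seed the flag the way a hostile client could under register_globals.
$users   = ['alice' => ['role' => 'user']];
$request = ['user' => 'alice', 'is_admin' => '1'];

echo "register_globals on this server: ", register_globals_enabled() ? 'ON' : 'OFF', "\n";
echo "vulnerable: ", vulnerable_page($request, $users), "\n";
echo "hardened:   ", hardened_page($request, $users), "\n";
```

Running it on a patched server shows the audit helper reporting OFF; the two page functions show why the php.ini switch alone is only a stop-gap and the scripts themselves need initialised variables and explicit superglobal access.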
