
Re: [LUG] PHP, Perl, server securing, etc.

 

On 22 June 2010 20:37, Gordon Henderson <gordon+dcglug@xxxxxxxxxx> wrote:
> And who says Linux isn't targeted by scammers, etc...

Linux desktops aren't... this is just run-of-the-mill stuff you get
when you plug any server into the internet.

The main difference between Linux/UNIX and Windows servers
historically has been:
a) Quite a few "windows" of vulnerability for IIS/SQL Server/ASP/etc
where servers or system software are shipped with unpatched
vulnerabilities and you needed to keep your server behind a firewall
blocking all services for hours or days until all the service packs
and patches have been applied (at some points in the last few years
tests have demonstrated a standard Windows Server install with no 3rd
party software being compromised within **minutes** of being plugged
into the internet)
b) Windows servers provide a very standard profile to attack, even
allowing for service packs and updates, but Linux distros and versions
differ enough to break most pre-packaged exploit scripts such as the
one provided.
c) Linux (and Windows to a lesser degree) servers tend to be almost
entirely compromised through 3rd party software vulnerabilities,
usually in PHP web applications, rather than the system software
itself.

I've never had one of my Linux boxes compromised, despite a lot of
hostile traffic targeting either weak SSH passwords or PHP
applications/mis-configuration, even with out-of-the-box configuration
left in place for weeks on some new servers.

> I noticed this in a log-file earlier - I see this sort of thing regularly,
> but thought I'd post one here for you:
> ....
> So there you go - Linux *is* being targeted and obviously the target above
> is for some specific site running some specific version of some software,
> but who knows!

It's targeting a PHP app running on any *nix with GNU tools
installed, could work (or not) as likely on Solaris, FreeBSD or Linux,
even Windows running servers via Cygwin :)

A.

-- 
Aaron J Trevena, BSc Hons
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Consulting

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html