security question
- From: Arie Kachler <akachler@xxxxxxxxxx>
- Date: Wed, 15 Aug 2007 13:08:56 -0400
Hello,
This may not be the best place to ask, but I know all readers of this list have security experience (we have no other choice).
We have many Freebsd servers with apache/php/mysql.
Recently, some of these have been sending out large amounts of emails. We know the servers are secure in the sense they are fully patched. But we also know that the most secure shared server can be abused by a badly written php script.
So my question is this:
Is there a way to identify vulenrable php scripts?
It's very difficult to pinpoint when the server starts sending out emails. We just notice that they do, without any identifyable correlation to anything on the logs.
A related question:
Can we audit which php script is calling sendmail?
Any advice will be greatly appreciated.
Arie Kachler
Systems Administrator
Telcom.Net
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: security question
- From: Chuck Swiger
- Re: security question
- Prev by Date: re: MPD PPPoE Server
- Next by Date: Re: security question
- Previous by thread: re: MPD PPPoE Server
- Next by thread: Re: security question
- Index(es):
Relevant Pages
|
|
