Re: security question



Hi, I use SMTP AUTH via PHP; it works fine and it is safer. You
have to install the PEAR modules (Mail and Auth_SASL).
Also, you can identify some PHP attacks if you compile mod_security
into your Apache; it will create a log at
/usr/local/apache/logs/alert.
Also mod_evasive for DDoS attacks.



On 8/15/07, Chuck Swiger <cswiger@xxxxxxx> wrote:
> On Aug 15, 2007, at 10:08 AM, Arie Kachler wrote:
> > We have many FreeBSD servers with apache/php/mysql.
> > Recently, some of these have been sending out large amounts of
> > emails. We know the servers are secure in the sense they are fully
> > patched. But we also know that the most secure shared server can be
> > abused by a badly written php script.
>
> Certainly anyone with access to create new scripts can misuse the
> available resources, agreed.
>
> > So my question is this:
> > Is there a way to identify vulnerable php scripts?
>
> I tend to assume that all PHP scripts are vulnerable, and history
> tends to support the notion that PHP has a miserable security track
> record.
>
> > It's very difficult to pinpoint when the server starts sending out
> > emails. We just notice that they do, without any identifiable
> > correlation to anything on the logs.
> >
> > A related question:
> > Can we audit which php script is calling sendmail?
>
> Well, you could set up your mailserver to require that users must
> authenticate via SMTP AUTH before they are allowed to relay email.
> This would mean that the PHP scripts would need to authenticate as a
> particular user account, which would then let you see which scripts
> are generating the mail. It would also help block malicious scripts
> which have not been set up to auth before sending the email...
>
> --
> -Chuck

_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"



--
"The network is the computer"
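The audit question in the thread (which PHP script is calling sendmail) can also be approached from the server side, as a complement to the SMTP AUTH suggestion: point the php.ini directive sendmail_path at a small logging wrapper that records who invoked it and then hands off to the real sendmail. The script below is an added example written for this page; it is not from anyone in the thread. The wrapper location, the real sendmail path and the log file are assumptions. SCRIPT_FILENAME is only present in the process environment under CGI/FastCGI/suexec-style setups; under mod_php it is usually absent, so the uid and working directory are what you get, and the SMTP AUTH approach remains the more precise attribution. Arguments and environment values are sanitized before logging so a script cannot forge extra audit lines.

```shell
#!/bin/sh
# Logging wrapper for sendmail, used to record which process is sending
# mail from PHP. Added example, not the thread's own code. Assumed setup:
# installed as /usr/local/bin/sendmail-wrapper and referenced from php.ini as
#   sendmail_path = /usr/local/bin/sendmail-wrapper -t -i
# REAL_SENDMAIL and AUDIT_LOG defaults are assumptions; adjust per host.
REAL_SENDMAIL="${REAL_SENDMAIL:-/usr/sbin/sendmail}"
AUDIT_LOG="${AUDIT_LOG:-/var/log/php-mail-audit.log}"

# Replace CR, LF and every other non-printable byte with '?', so a caller
# cannot inject fake audit lines through its arguments or environment.
sanitize() {
    printf '%s' "$1" | tr -c '[:print:]' '?'
}

# One audit line: UTC timestamp, numeric uid, SCRIPT_FILENAME (present under
# CGI/FastCGI/suexec, usually absent under mod_php), working directory and
# the sendmail arguments. Returned on stdout so it can be checked in isolation.
build_audit_line() {
    printf '%s uid=%s script=%s cwd=%s args=%s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        "$(id -u)" \
        "$(sanitize "${SCRIPT_FILENAME:-unknown}")" \
        "$(sanitize "$PWD")" \
        "$(sanitize "$*")"
}

# Append the audit line, then exec the real binary with stdin and all
# arguments untouched so delivery behaves exactly as it did before.
main() {
    build_audit_line "$@" >> "$AUDIT_LOG"
    exec "$REAL_SENDMAIL" "$@"
}

# Act as the wrapper only when invoked under a sendmail-like name; the
# functions can then be sourced and exercised without sending anything.
case "$(basename -- "$0")" in
    sendmail*) main "$@" ;;
esac
```

Once the audit log is in place, a sudden burst of lines with the same uid or working directory points at the offending virtual host, and correlating the timestamps with the web server's access log narrows it to the request. Newer PHP releases (5.3 and later) also ship mail.log and mail.add_x_header directives that record the calling script path natively; the wrapper is the option when those are not available.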


