Network Security Focus-Linux

Re: Attempts to push spam through apache

Subject: Re: Attempts to push spam through apache
Date: Mon, 23 Aug 2004 08:56:48 +0300

The previous intruder, which I suspect was an automated script and not a
real person, never got root.  The script installed the IRC proxy source in
/tmp, then compiled and ran it as the apache user.   After that happened, I
blocked apache's access to /tmp by creating  a "tmpusers" group to which
apache doesn't belong, and making /tmp owned by root/tmpusers with 0770
perms.  I don't have to support users on this box, so only a limited number
of users, like the PostgreSQL owner, need access to /tmp.  I was already
routing other things apache commonly puts in /tmp like PHP session data to
separate directories so this was a pretty simple fix.

Thanks again!

Peter

You could also mount /tmp on another partition with the "noexec" option.
(in fstab .... defaults,noexec,rw)
Usually 100-200M will do.
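
A way to verify the noexec suggestion above, as an added example that is not part of the original messages: a POSIX shell check that reads fstab-format text and reports whether /tmp is a separate mount carrying noexec. The function names, the device /dev/sda7 and the sample fstab lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether /tmp is a separate mount carrying "noexec".
# Reads fstab-format text (also the layout of /proc/mounts) on stdin:
#   device  mountpoint  fstype  options  dump  pass

# Print the options field of the last non-comment entry mounted on /tmp.
tmp_mount_opts() {
    awk '$1 !~ /^#/ && $2 == "/tmp" { opts = $4 }
         END { if (opts != "") print opts }'
}

# Succeed if comma-separated option list $1 contains the exact option $2.
# Wrapping both in commas keeps "exec" from matching inside "noexec".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Exit status: 0 = /tmp mounted noexec, 1 = separate /tmp without noexec,
#              2 = no separate /tmp entry (it lives on the root filesystem).
audit_tmp() {
    opts=$(tmp_mount_opts)
    if [ -z "$opts" ]; then
        echo "FAIL: no separate /tmp mount found"
        return 2
    fi
    if has_opt "$opts" noexec; then
        echo "OK: /tmp options: $opts"
        return 0
    fi
    echo "FAIL: /tmp lacks noexec: $opts"
    return 1
}

# Constructed sample fstab using the options quoted in the post.
sample_fstab() {
    cat <<'EOF'
# <device>  <mount>  <type>  <options>           <dump> <pass>
/dev/sda1   /        ext3    defaults            1 1
/dev/sda7   /tmp     ext3    defaults,noexec,rw  1 2
EOF
}

sample_fstab | audit_tmp
# On a live system, check what is actually mounted, not only what fstab says:
#   audit_tmp < /proc/mounts
```

noexec only blocks direct execution of files stored on that filesystem, so it complements the permission restriction described in the quoted message rather than replacing it.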
