On Sat, 25 Dec 2004, Raistlin wrote: > Juergen Schmidt wrote: > > Hello, > > > > the new santy version not only attacks phpBB. > > How would these two worms react to classical hardening tips such as PHP > Safe mode and noexec /tmp ?
For this particular strain it would certainly help, but that is why there exists new variations. Certainly doing it to /tmp, /usr/tmp, /var/tmp could help, but it isn't 100% foolproof, and some don't even consider it security. Another measure one might use is chmod 700 (or 400 depending on your needs) wget. Then again, you can always disable the functions in php.ini for exec and system for instance to help stave off other similar attacks. -- Regards, Paul Laudanski - Computer Cops, LLC. CEO & Founder CastleCops(SM) - http://castlecops.com Promoting education and health in online security and privacy. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
