Hi all,

As some of you know, I work for Lycos Europe, somewhat in charge of the php4U Service,
which is PHP and MySQL for all free/paid members.
For security reasons, we have disabled functions on the platform, among which are all
socket functions.

Although we remain on our choice for the free platform, I'd like to offer the socket
functions to our paid clients. But apart from security, we have a responsibility
towards ourselves and the others. Let me explain. Socket functions could be used to
hack/ddos/ping flood any other hosts, either straightforwardly or by using a newly
found bug etc.; I think you get the gist of it. Plus, since the machines serving PHP
are on the inside of our firewall (even though they're on the DMZ), they could be used
to attack our own servers.

To "solve" in a way those two dilemmas we should have two things:
        - a way to log socket activity (src host, dest host, IPs, user, script doing
          the 'attack', etc.)
        - a way to blacklist IPs (in a host.deny way) in the php.ini for example

I'm not sure if (and how) this is doable fairly rapidly. I have to say I have looked
in the source and did not really find a central place for all the socket functions
where I could plug a php_syslog() call to log what I need or implement the IP
blacklisting idea.

If anyone could tell me 1/ if these two things I'm suggesting are viable, 2/ how
easily they can be implemented and how (where in the source code might the central
socket functions be), I'd be grateful.

I think hosting service providers like Lycos could use such a feature.

Thanks a lot for any insight.
Later

-- 
--
Chand

"640K ought to be enough for anybody."
Bill Gates, 1981


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
