From: Grant Peel
> From: "Michael A. Peters"
>> Grant Peel wrote:
>>> Good Morning / Afternoon,
>>> We run several of our own servers:
>>> - Dell Power Edge 1U, Pentium,
>>> - FreeBSD (6.x soon to be 7.x)
>>> - along with all the standard Web Application installation (PHP,
>>> Exim, Pop3, Proftp, MySQL etc etc).
>>> What I am asking here, is if any one in this community has the
>>> to act as a security consultant in an occasional, as required basis.
>>> Anyone interested should have experience with Apache, PHP, Perl on the
>>> FreeBSD platform.
>> No experience with FreeBSD and probably not enough with Perl - but
>> you hire, make sure they suggest your php build is hardened by
>> both the core php patch and the loadable module.
> Hi Again all,
> I am not sure what to make of all the chatter on this post ....
> To date, I have not received any sincere replies, which is a bit
> I am thinking that this job would be easy money for someone who
> knows the ins and outs of php/Apache from a security standpoint.
> I already have Suhosin patch applied (it is applied as part of the
> FreeBSD - php port).
> Anyways, the offer is still out there if anyone is interested.
First off, I believe you are asking on the wrong list. Server security
is an advanced topic, well outside the experience of most novice PHP
developers. You would be better off asking on some of the advanced
Apache or Perl Monks mailing lists.
Second, from your brief description, I can easily picture a full time
job with lots of overtime hours, not something most consultants will be
interested in. Security is not easy to do correctly, particularly if you
are not responsible and accountable for the outcome or don't have full
authority and management support. We currently have a team of five
people who are jointly responsible for the security of our servers and
networks. Each of them spends more than 20% of their time on that
portion of their job.
And finally, there are companies that do what you asked for. Gibson
Research(*) is the first one that comes to mind <www.grc.com>. They also
provide monitoring services to keep an eye out for intrusions on your
servers once they have been hardened. Foundstone(**) is another
Senior Software Engineer
The CBORD Group, Inc.
61 Brown Road
Ithaca NY, 14850
Phone 607 257-2410
FAX 607 257-1902
(*) No relationship exists nor is implied, we're not even a customer. I
just like his style. Plus his Shields Up test gave my home firewall a
(**) We have occasionally hired these folks to do training and intrusion
PHP General Mailing List (http://www.php.net/)