On 07/15/2009 10:40 AM, Scott Morris wrote: > Great responses, all. > > I should clarify that the box was not rooted. A vulnerability in the > PHP code on the box was exploited to place tools on the machine. They > had access to files that were owned by the user running apache. The > only files that I could see that were changed were in the web root. >
With this in mind there are some other things that come to mind. UPDATE!!!! Can't believe I forgot that one. Also use memory safe string copying. Read "smashing the stack for fun and profit" to understand that. Sanitize your user input(sql and stack smashing). Also back up code and data. Again set up the cron job. There are also tools like tripwire that help with the md5/sha1 stuff. Kyle /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
