RE: [PHP] Security Support
From: Grant Peel From: Michael A. Peters Grant Peel wrote: Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. No experience with FreeBSD and probably not enough with Perl - but whoever you hire, make sure they suggest your php build is hardened by suhosin - both the core php patch and the loadable module. Hi Again all, I am not sure what to make of all the chatter on this post To date, I have not recieved any sincere replies, which is a bit suprising. I am thinking that this job would be easy money for someone who already knows the ins and outs of php/Apache from a secuirty standpoint. I already have sohosin patch applied (it is applied as part of the default FreeBSD - php port). Anyways, the offer is still out there if anyone is interested. Hi Grant, First off, I believe you are asking on the wrong list. Server security is an advanced topic, well outside the experience of most novice PHP developers. You would be better off asking on some of the advanced Apache or Perl Monks mailing lists. Second, from your brief description, I can easily picture a full time job with lots of overtime hours, not something most consultants will be interested in. Security is not easy to do correctly, particularly if you are not responsible and accountable for the outcome or don't have full authority and management support. We currently have a team of five people who are jointly responsible for the security of our servers and networks. Each of them spends more than 20% of their time on that portion of their job. And finally, there are companies that do what you asked for. Gibson Research(*) is the first one that comes to mind www.grc.com. They also provide monitoring services to keep an eye out for intrusions on your servers once they have been hardened. Foundstone(**) is another www.foundstone.com. Good luck, Bob McConnell Senior Software Engineer The CBORD Group, Inc. 61 Brown Road Ithaca NY, 14850 Phone 607 257-2410 FAX 607 257-1902 Email r...@cbord.com Web www.cbord.com (*) No relationship exists nor is implied, we're not even a customer. I just like his style. Plus his Shields Up test gave my home firewall a perfect score. (**) We have occasionally hired these folks to do training and intrusion audits. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Support
On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo defati...@hotmail.com wrote: Yea, dude, well me GED says I kin git it dun wit less wastid time. -- No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be say them say. Is there any particular reason you guys totally trashed this thread? It's fine if you don't want to apply, but please don't go out of your way to try to make someone with a legitimate and properly-formatted request look like a moron because it backfires and reflects poorly on your own professionalism. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Support
I agree with you Daniel Regards, Igor Escobar systems analyst interface designer www . igorescobar . com On Mon, Mar 30, 2009 at 10:58 AM, Daniel Brown danbr...@php.net wrote: On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo defati...@hotmail.com wrote: Yea, dude, well me GED says I kin git it dun wit less wastid time. -- No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be say them say. Is there any particular reason you guys totally trashed this thread? It's fine if you don't want to apply, but please don't go out of your way to try to make someone with a legitimate and properly-formatted request look like a moron because it backfires and reflects poorly on your own professionalism. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Support
- Original Message - From: Michael A. Peters mpet...@mac.com To: Grant Peel gp...@thenetnow.com Cc: php-general@lists.php.net Sent: Sunday, March 29, 2009 10:00 PM Subject: Re: [PHP] Security Support Grant Peel wrote: Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. No experience with FreeBSD and probably not enough with Perl - but whoever you hire, make sure they suggest your php build is hardened by suhosin - both the core php patch and the loadable module. Hi Again all, I am not sure what to make of all the chatter on this post To date, I have not recieved any sincere replies, which is a bit suprising. I am thinking that this job would be easy money for someone who already knows the ins and outs of php/Apache from a secuirty standpoint. I already have sohosin patch applied (it is applied as part of the default FreeBSD - php port). Anyways, the offer is still out there if anyone is interested. -Grant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Support
Grant Peel wrote: - Original Message - From: Michael A. Peters mpet...@mac.com To: Grant Peel gp...@thenetnow.com Cc: php-general@lists.php.net Sent: Sunday, March 29, 2009 10:00 PM Subject: Re: [PHP] Security Support Grant Peel wrote: Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. No experience with FreeBSD and probably not enough with Perl - but whoever you hire, make sure they suggest your php build is hardened by suhosin - both the core php patch and the loadable module. Hi Again all, I am not sure what to make of all the chatter on this post To date, I have not recieved any sincere replies, which is a bit suprising. I am thinking that this job would be easy money for someone who already knows the ins and outs of php/Apache from a secuirty standpoint. I already have sohosin patch applied (it is applied as part of the default FreeBSD - php port). Anyways, the offer is still out there if anyone is interested. Nobody might have the right mix of skills you require (where-as going for a company if one person doesn't have the skills, someone else can take over). Probably quite a few people here could do the php and bsd but not the perl, or could do the php/perl but no idea about bsd (I fit into that category). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security Support
Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. We are more than willing to compensate for services rendered, and are more than willing to discuss terms. In the end, we would be more than willing to share any non-fudiciary information with anyone who could find it useful (via this or other mailing lists). We are asking any interested parties to contact us off-list such that we don't need to make any private matters public. This is a bonified request, as we can setup servers ourselves, but simply do not have the time to research various run time, and security related items. TIA, -Grant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Security Support
From: gp...@thenetnow.com To: php-general@lists.php.net Date: Sun, 29 Mar 2009 17:12:32 -0400 Subject: [PHP] Security Support Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. We are more than willing to compensate for services rendered, and are more than willing to discuss terms. In the end, we would be more than willing to share any non-fudiciary information with anyone who could find it useful (via this or other mailing lists). We are asking any interested parties to contact us off-list such that we don't need to make any private matters public. This is a bonified request, as we can setup servers ourselves, but simply do not have the time to research various run time, and security related items. TIA, -Grant Hey Guys, Let's be honest with ourselves here. If you've applied for this job, let me see your hands up!!! Alugo Abdulazeez www.frangeovic.com _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
Re: [PHP] Security Support
- Original Message - From: abdulazeez alugo defati...@hotmail.com To: gp...@thenetnow.com; php-general@lists.php.net Sent: Sunday, March 29, 2009 6:09 PM Subject: RE: [PHP] Security Support From: gp...@thenetnow.com To: php-general@lists.php.net Date: Sun, 29 Mar 2009 17:12:32 -0400 Subject: [PHP] Security Support Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. We are more than willing to compensate for services rendered, and are more than willing to discuss terms. In the end, we would be more than willing to share any non-fudiciary information with anyone who could find it useful (via this or other mailing lists). We are asking any interested parties to contact us off-list such that we don't need to make any private matters public. This is a bonified request, as we can setup servers ourselves, but simply do not have the time to research various run time, and security related items. TIA, -Grant Hey Guys, Let's be honest with ourselves here. If you've applied for this job, let me see your hands up!!! Alugo Abdulazeez www.frangeovic.com _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx *Pauses and listens to crickets chirp* Dave Wonderly WebGenero www.webgenero.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Security Support
I is a hi skool gradjuate -Original Message- From: abdulazeez alugo [mailto:defati...@hotmail.com] Sent: Sunday, March 29, 2009 7:10 PM To: gp...@thenetnow.com; php-general@lists.php.net Subject: RE: [PHP] Security Support From: gp...@thenetnow.com To: php-general@lists.php.net Date: Sun, 29 Mar 2009 17:12:32 -0400 Subject: [PHP] Security Support Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. We are more than willing to compensate for services rendered, and are more than willing to discuss terms. In the end, we would be more than willing to share any non-fudiciary information with anyone who could find it useful (via this or other mailing lists). We are asking any interested parties to contact us off-list such that we don't need to make any private matters public. This is a bonified request, as we can setup servers ourselves, but simply do not have the time to research various run time, and security related items. TIA, -Grant Hey Guys, Let's be honest with ourselves here. If you've applied for this job, let me see your hands up!!! Alugo Abdulazeez www.frangeovic.com _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx __ Information from ESET Smart Security, version of virus signature database 3973 (20090329) __ The message was checked by ESET Smart Security. http://www.eset.com __ Information from ESET Smart Security, version of virus signature database 3973 (20090329) __ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Security Support
From: da...@wonderly.com To: defati...@hotmail.com; gp...@thenetnow.com; php-general@lists.php.net Date: Sun, 29 Mar 2009 18:16:35 -0500 Subject: Re: [PHP] Security Support - Original Message - From: abdulazeez alugo defati...@hotmail.com To: gp...@thenetnow.com; php-general@lists.php.net Sent: Sunday, March 29, 2009 6:09 PM Subject: RE: [PHP] Security Support From: gp...@thenetnow.com To: php-general@lists.php.net Date: Sun, 29 Mar 2009 17:12:32 -0400 Subject: [PHP] Security Support Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. We are more than willing to compensate for services rendered, and are more than willing to discuss terms. In the end, we would be more than willing to share any non-fudiciary information with anyone who could find it useful (via this or other mailing lists). We are asking any interested parties to contact us off-list such that we don't need to make any private matters public. This is a bonified request, as we can setup servers ourselves, but simply do not have the time to research various run time, and security related items. TIA, -Grant Hey Guys, Let's be honest with ourselves here. If you've applied for this job, let me see your hands up!!! Alugo Abdulazeez www.frangeovic.com *Pauses and listens to crickets chirp* Dave Wonderly WebGenero www.webgenero.com steam Hey Dave, Are you trying to tell us something or are you just writing your first novel?/steam Alugo Abdulazeez _ Drag n’ drop—Get easy photo sharing with Windows Live™ Photos. http://www.microsoft.com/windows/windowslive/products/photos.aspx
Re: [PHP] Security Support
Grant Peel wrote: Good Morning / Afternoon, We run several of our own servers: - Dell Power Edge 1U, Pentium, - FreeBSD (6.x soon to be 7.x) - along with all the standard Web Application installation (PHP Apache Exim, Pop3, Proftp, MySQL etc etc). What I am asking here, is if any one in this community has the knowledge to act as a security consultant in an occasional, as required basis. Anyone interested should have expience with Apache, PHP, Perl on the FreeBSD platform. No experience with FreeBSD and probably not enough with Perl - but whoever you hire, make sure they suggest your php build is hardened by suhosin - both the core php patch and the loadable module. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security Support
Marc Christopher Hall wrote: I is a hi skool gradjuate Yea, dude, well me GED says I kin git it dun wit less wastid time. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Security Support
Date: Sun, 29 Mar 2009 19:02:15 -0700 From: mpet...@mac.com To: m...@hallmarcwebsites.com CC: php-general@lists.php.net Subject: Re: [PHP] Security Support Marc Christopher Hall wrote: I is a hi skool gradjuate Yea, dude, well me GED says I kin git it dun wit less wastid time. -- No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be say them say. _ More than messages–check out the rest of the Windows Live™. http://www.microsoft.com/windows/windowslive/