From: Ken Walling (kencybercede.net)
Date: Tue Apr 04 2006 - 08:25:25 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My guess is that it was a PHP exploit. There are a plethora of them
available.

        Ken

-----Original Message-----
From: owner-miscopenbsd.org [mailto:owner-miscopenbsd.org] On Behalf
Of David B.
Sent: Monday, April 03, 2006 4:41 AM
To: miscopenbsd.org
Subject: 3.9 coming out

hi, I see 3.9 is getting ready to be released. Do you plan on bundling
Apache2 with it? it would seem a logical thing to do, since the Apache
version currently bundled with it seems to have problems.

I just lost my entire development box to a hack this week, right through

smoothwall's DMZ. I had apache up, postgresql installed with the mod_php
as
the middleware. All settings were default and the only port I had open
was
80 through smoothwall. I even had all packets dropped that came from
asia,
south america and africa.

The point being, if you sell security as your market niche, you might
want
to make sure that, at least, Apache be up to date, and not a version
from 5
years ago where who knows how many hacks there are out there for it.

I don't mind rebuilding my development box from scratch because that's
why I
had it on the net like that anyway, simply to see how long it would take
for
someone to crash it. It took less than a month - that's not very good
from
a default security viewpoint.

I'm assuming of course that Apache is the problem, as there are no logs
or
anyway to tell what happened, but the hard drive started to make an
awful
screaching sound as the drive was apparently being forced to track the
heads
back and forth very quickly. The drive is fine, but apache and
postgresql
won't start, and the wtmp file was erased, so that when I did a 'last'
only
my most recent login came up.

Anyway, it would be nice if Apache 2 were available for 3.9

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]