Date: Wed, 15 Aug 2007 16:25:07 -0500
From: "Jorge Evangelista" <netsecuredata@gmail.com>
To: freebsd-isp@freebsd.org
Subject: Re: security question
Message-ID: <de85c96f0708151425w216e7ec4k2fa65b3cf03bcb6c@mail.gmail.com>
In-Reply-To: <BD0FE737-0803-48BB-AFCC-75859A0C6F53@mac.com>
References: <46C33328.6050700@telcom.net> <BD0FE737-0803-48BB-AFCC-75859A0C6F53@mac.com>

Hi,

I use SMTP AUTH via PHP; it works fine and it is safer. You have to install the PEAR modules (MAIL and Auth_SASL). Also, you can identify some PHP attacks if you compile your Apache with mod_security; it will create a log, /usr/local/apache/logs/alert. Also mod_evasive for DDoS attacks.

On 8/15/07, Chuck Swiger <cswiger@mac.com> wrote:
> On Aug 15, 2007, at 10:08 AM, Arie Kachler wrote:
> > We have many FreeBSD servers with apache/php/mysql.
> > Recently, some of these have been sending out large amounts of
> > emails. We know the servers are secure in the sense they are fully
> > patched. But we also know that the most secure shared server can be
> > abused by a badly written php script.
>
> Certainly anyone with access to create new scripts can misuse the
> available resources, agreed.
>
> > So my question is this:
> > Is there a way to identify vulnerable php scripts?
>
> I tend to assume that all PHP scripts are vulnerable, and history
> tends to support the notion that PHP has a miserable security track
> record.
>
> > It's very difficult to pinpoint when the server starts sending out
> > emails. We just notice that they do, without any identifiable
> > correlation to anything on the logs.
> >
> > A related question:
> > Can we audit which php script is calling sendmail?
>
> Well, you could set up your mailserver to require that users must
> authenticate via SMTP AUTH before they are allowed to relay email.
> This would mean that the PHP scripts would need to authenticate as a
> particular user account, which would then let you see which scripts
> are generating the mail. It would also help block malicious scripts
> which have not been set up to auth before sending the email...
>
> --
> -Chuck
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

--
"The network is the computer"
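
One way to act on the SMTP AUTH suggestion in this thread, as an added example that is not part of the original messages: once each site's PHP scripts authenticate with their own account, recipients can be totalled per account from the mail log, and mail submitted without authentication stands out. The log lines are constructed in sendmail's syslog style; the account names, the matching of AUTH and message lines by process id, and the recipient limit are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail's syslog style; not taken from the thread.
SAMPLE_LOG = """\
Aug 15 10:01:02 web1 sm-mta[4101]: l7FF12ab004101: AUTH=server, relay=localhost [127.0.0.1], authid=site_shop, mech=LOGIN, bits=0
Aug 15 10:01:02 web1 sm-mta[4101]: l7FF12ab004101: from=<orders@shop.example>, size=912, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Aug 15 10:03:40 web1 sm-mta[4177]: l7FF3eqk004177: AUTH=server, relay=localhost [127.0.0.1], authid=site_forum, mech=LOGIN, bits=0
Aug 15 10:03:40 web1 sm-mta[4177]: l7FF3eqk004177: from=<x@forum.example>, size=2048, class=0, nrcpts=50, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Aug 15 10:03:41 web1 sm-mta[4177]: l7FF3eql004177: from=<x@forum.example>, size=2048, class=0, nrcpts=50, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Aug 15 10:05:00 web1 sendmail[4200]: l7FF50aa004200: from=www, size=300, class=0, nrcpts=20, relay=www@localhost
"""

PROC = re.compile(r"\s(\S+)\[(\d+)\]: ")         # syslog tag: program[pid]
AUTHID = re.compile(r"\bauthid=([^,\s]+)")       # account used for SMTP AUTH
NRCPTS = re.compile(r"\bfrom=.*\bnrcpts=(\d+)")  # one accepted message

def recipients_per_account(log_text):
    """Sum recipients per SMTP AUTH account; unauthenticated mail is '(no auth)'."""
    session_account = {}  # (program, pid) -> authid seen earlier in that session
    totals = Counter()
    for line in log_text.splitlines():
        proc = PROC.search(line)
        if not proc:
            continue
        key = proc.groups()
        auth = AUTHID.search(line)
        if auth:
            # Assumption: one process handles one SMTP session, so later
            # message lines with the same pid belong to this account.
            session_account[key] = auth.group(1)
            continue
        msg = NRCPTS.search(line)
        if msg:
            totals[session_account.get(key, "(no auth)")] += int(msg.group(1))
    return totals

def over_limit(totals, limit):
    """Accounts whose recipient total exceeds the chosen limit."""
    return sorted(acct for acct, count in totals.items() if count > limit)

if __name__ == "__main__":
    totals = recipients_per_account(SAMPLE_LOG)
    for account, count in totals.most_common():
        print(f"{account:12} {count}")
    print("over limit:", over_limit(totals, 10))
```

Process ids are reused over time, so on a real log the matching should be limited to a short time window or reset when a session ends.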