From: "Jorge Evangelista"
Date: Wed, 15 Aug 2007 16:25:07 -0500
To: freebsd-isp@freebsd.org
Subject: Re: security question

Hi,

I use SMTP AUTH via PHP; it works fine and it is safer. You have to install the PEAR modules (Mail and Auth_SASL). Also, you can identify some PHP attacks if you compile mod_security with your Apache; it will create a log, /usr/local/apache/logs/alert. Also, mod_evasive for DDoS attacks.

On 8/15/07, Chuck Swiger wrote:
> On Aug 15, 2007, at 10:08 AM, Arie Kachler wrote:
> > We have many FreeBSD servers with apache/php/mysql.
> > Recently, some of these have been sending out large amounts of
> > emails. We know the servers are secure in the sense they are fully
> > patched. But we also know that the most secure shared server can be
> > abused by a badly written php script.
>
> Certainly anyone with access to create new scripts can misuse the
> available resources, agreed.
>
> > So my question is this:
> > Is there a way to identify vulnerable php scripts?
>
> I tend to assume that all PHP scripts are vulnerable, and history
> tends to support the notion that PHP has a miserable security track
> record.
>
> > It's very difficult to pinpoint when the server starts sending out
> > emails. We just notice that they do, without any identifiable
> > correlation to anything on the logs.
> >
> > A related question:
> > Can we audit which php script is calling sendmail?
>
> Well, you could set up your mailserver to require that users must
> authenticate via SMTP AUTH before they are allowed to relay email.
> This would mean that the PHP scripts would need to authenticate as a
> particular user account, which would then let you see which scripts
> are generating the mail. It would also help block malicious scripts
> which have not been set up to auth before sending the email...
>
> --
> -Chuck

--
"The network is the computer"
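
An added example, not part of the original thread: if each PHP application authenticates with its own SMTP AUTH account, as suggested above, the mail log shows which one is generating mail. This sketch assumes a Postfix-style smtpd log line; the host, queue IDs and account names are constructed.

```python
import re
from collections import Counter

# Assumption: Postfix smtpd logs one "client=" line per accepted message, and
# the SASL fields appear only when the sender authenticated.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<client>[^,\s]+)"
    r"(?:, sasl_method=\S+, sasl_username=(?P<user>\S+))?\s*$"
)

def summarize(lines):
    """Return (messages per SASL account, clients that submitted without auth)."""
    per_account, unauthenticated = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a message-acceptance line
        if m.group("user"):
            per_account[m.group("user")] += 1
        else:
            unauthenticated[m.group("client")] += 1
    return per_account, unauthenticated

def noisy_accounts(per_account, limit):
    """Accounts that sent more than `limit` messages in the log window."""
    return sorted(u for u, n in per_account.items() if n > limit)

def sample_log():
    # Constructed sample data; host, queue IDs and account names are hypothetical.
    def line(i, tail):
        stamp = f"Aug 15 14:{i // 60:02d}:{i % 60:02d}"
        return f"{stamp} web1 postfix/smtpd[811]: {0xA1000 + i:X}: {tail}"
    auth = "client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username="
    log = [line(i, auth + "php-forum-signup") for i in range(120)]
    log += [line(200 + i, auth + "php-shop-orders") for i in range(3)]
    log.append(line(300, "client=unknown[192.0.2.10]"))
    log.append("Aug 15 14:05:01 web1 postfix/qmgr[70]: A1000: removed")
    return log

if __name__ == "__main__":
    accounts, unauth = summarize(sample_log())
    print("per account:", dict(accounts))
    print("unauthenticated:", dict(unauth))
    print("over limit:", noisy_accounts(accounts, 50))
```

Once relaying without authentication is refused, entries in the unauthenticated count should only be inbound deliveries, so a local client appearing there points at a script that has not been set up to authenticate.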