Date: Wed, 17 Feb 2016 10:55:24 -0500 From: Allan Jude <allanjude@freebsd.org> To: freebsd-hackers@freebsd.org Subject: =?UTF-8?Q?Re:_FreeBSD_and_Mayhem_=e2=80=93_a_hidden_threat_for_*nix?= =?UTF-8?Q?_web_servers?= Message-ID: <56C497EC.20704@freebsd.org> In-Reply-To: <CA%2BK5SrNdS8wKz8BiB0M4orMKnhkedR7gkvR7w3amHepc%2BtMv2A@mail.gmail.com> References: <CA%2BK5SrNdS8wKz8BiB0M4orMKnhkedR7gkvR7w3amHepc%2BtMv2A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 2016-02-17 09:28, Andrey Fesenko wrote: > Hello, > There is a vulnerability > https://www.virusbulletin.com/virusbulletin/2014/07/mayhem-hidden-threat-nix-web-servers?utm_content=buffercd266&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer > Is known methods lock and protect it from the FreeBSD? > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > Note that that post is from 2014. Make sure you are not running a vulnerable version of popular PHP software like Wordpress, Drupal, or Joomla. If possible, keep the directories where the PHP scripts are run locked down with permissions, or better yet, a separate ZFS dataset with the readonly property turned on. Mount the /tmp directory (and possible the PHP directories) noexec, so that scripts and binaries drops by attempts to exploit your web apps will not run. As far as general advice: use jails to contain your webserver, and ZFS snapshots to be able to 'undo' anything that does happen. -- Allan Jude [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWxJfvAAoJEBmVNT4SmAt+8gwQAKNgGZFqz3FgoPwDxjmHbt1c OzTmydXE67ipTMFzbiJJsAHGo0zp02uZXyhhxGL5KY4LiL8XQgSkqgIEfOKVR1Eo mQ88y1g7fyRIE/y4RRK8+Ka7a0FS/q165yvHj8fo9p+yz3OhZsiiK5aTiFDpiI4q 5ZDp5BEVwWWgis44rdwD7oIPwHfEgmN037xJhj/XqGvty9PWbR3+rTNnsJo8qLNN lUDCBz2q78rMa8Ig01gIW+Ikl582lRtUgzlAGwODFVNDwRLB7tH/GgccEmPAZnax P+qzSFSO6YjTpjepyDR7QtOBA20eAPW41hGEICv+sQGNOshFI5XdtMgfbynJYDS7 58cR7K/NZGeu59amru+DEK+RoNEnQ4T7QF8e1W+n6GOBbO8N5QziimatnImaysyk aio7T7OSCIDbymR6Wzw6ghOk3bLo1c/5c3TY92MRMjSZeAOPIzt6oeIm6GghyuCk ozV+VlJ2REi/7LZvazqX8eXh+C0aavg2kmqpWqBstiTSv9ciykxNRFmECwnP19dP cxo8hiy4dnkUtkOe2DK3tX8XZZmMFhrqZfivSmFplKBHFEVohA/jx3q3dwolRj0Z 2F1Phil4TlY4K6ypS9RcjrnSP6vvrqz3SbJzD7hT/KX8eWNbcEj1WXN2xErXCbnq twlYkgz7Z7nhVqzCGS/p =fNrY -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56C497EC.20704>