Date:      Wed, 17 Feb 2016 10:55:24 -0500
From:      Allan Jude <allanjude@freebsd.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: FreeBSD and Mayhem – a hidden threat for *nix web servers
Message-ID:  <56C497EC.20704@freebsd.org>
In-Reply-To: <CA%2BK5SrNdS8wKz8BiB0M4orMKnhkedR7gkvR7w3amHepc%2BtMv2A@mail.gmail.com>
References:  <CA%2BK5SrNdS8wKz8BiB0M4orMKnhkedR7gkvR7w3amHepc%2BtMv2A@mail.gmail.com>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 2016-02-17 09:28, Andrey Fesenko wrote:
> Hello,
> There is a vulnerability
> https://www.virusbulletin.com/virusbulletin/2014/07/mayhem-hidden-threat-nix-web-servers?utm_content=buffercd266&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
> Are there known methods to lock and protect FreeBSD from it?
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

Note that that post is from 2014.

Make sure you are not running a vulnerable version of popular PHP
software like WordPress, Drupal, or Joomla.

If possible, keep the directories where the PHP scripts are run locked
down with permissions, or better yet, a separate ZFS dataset with the
readonly property turned on. Mount the /tmp directory (and possibly the
PHP directories) noexec, so that scripts and binaries dropped by attempts
to exploit your web apps will not run.

As far as general advice: use jails to contain your webserver, and ZFS
snapshots to be able to 'undo' anything that does happen.

-- 
Allan Jude
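
Added example, not part of the original message: a small sh audit that reads mount(8) output and reports where the mount flags recommended above (noexec on /tmp, read-only and noexec on the PHP directories) are missing. The web root /usr/local/www, the dataset names and the sample mount output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Paths and dataset names
# are assumptions; SAMPLE_MOUNTS is constructed FreeBSD mount(8) output.
SAMPLE_MOUNTS='zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
zroot/tmp on /tmp (zfs, local, noatime, nosuid, nfsv4acls)
zroot/www on /usr/local/www (zfs, local, noatime, read-only, noexec, nfsv4acls)'

# missing_flags MOUNTPOINT FLAG...
# Reads mount(8) output on stdin; prints every required FLAG that the file
# system mounted exactly at MOUNTPOINT lacks, or "not-mounted" when the path
# is not its own mount (it then only has whatever flags its parent has).
missing_flags() {
    mp=$1; shift
    awk -v mp="$mp" -v want="$*" '
        {   # line format: <source> on <mountpoint> (<type>, <flag>, ...)
            s = index($0, " on "); p = index($0, " (")
            if (s == 0 || p == 0) next
            if (substr($0, s + 4, p - s - 4) != mp) next
            opts = substr($0, p + 2); sub(/\)$/, "", opts)
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) have[o[i]] = 1
            found = 1
        }
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in have)) print w[i]
        }'
}

# audit: reads mount(8) output on stdin and checks the two places the advice
# names: /tmp must be noexec, the web root read-only and noexec.
# On ZFS these map to the dataset properties exec=off and readonly=on.
# Prints one line per gap and returns non-zero if any gap exists.
audit() {
    mounts=$(cat); rc=0
    for spec in "/tmp noexec" "/usr/local/www read-only noexec"; do
        set -- $spec
        miss=$(printf '%s\n' "$mounts" | missing_flags "$@" | tr '\n' ' ')
        [ -z "$miss" ] || { echo "$1: missing ${miss% }"; rc=1; }
    done
    return $rc
}

# Demo on the constructed sample; on a real host run: mount | audit
printf '%s\n' "$SAMPLE_MOUNTS" | audit || echo "hardening incomplete"
```

A "not-mounted" result means the directory shares its parent's file system, so it cannot carry its own noexec or read-only setting until it is split into a separate dataset or mount.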





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56C497EC.20704>