On Wed, Sep 8, 2010 at 6:17 PM, Bill Campbell centos@celestial.com wrote:
I think it's a mistake to discount any attacks involving php as the vast majority of the systems I have had to clean up after cracks have been compromised through php vulnerabilities, usually in conjunction with weak user level passwords.
IMHO, admin tools like phpMyAdmin, webmin, and usermin should be carefully restricted, preferably only accessible via a private LAN, not from the public internet. Use a VPN to access from the public internet if necessary. We don't install usermin in most cases as I have seen it used to exploit security bugs on old SuSE systems that permit root access.
Last time I checked, webmin and usermin were written in Perl ;-), no php there.
If you're running a web app with a known vulnerability and it's available from the internet, then you're in trouble, that's for sure.
-- natxo
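The restriction Bill describes above, expressed as an Apache httpd 2.4 configuration fragment. This is an added example, not configuration posted in the thread; the `/phpmyadmin` alias path and the private address ranges (10.0.0.0/8 and 192.168.0.0/16) are assumptions, so substitute the ranges your LAN or VPN actually uses.

```apache
# Weak setting: phpMyAdmin reachable from anywhere, so a known
# vulnerability in it or a weak MySQL password is exposed to the internet.
#
# <Location "/phpmyadmin">
#     Require all granted
# </Location>

# Hardened setting: only clients on the private LAN (or arriving through the
# VPN, which lands them on the same ranges) may reach the admin tool.
# Address ranges are placeholders; adjust to your own network.
<Location "/phpmyadmin">
    Require ip 10.0.0.0/8 192.168.0.0/16
</Location>

# Optional belt-and-braces: log denied attempts separately so that probes
# for the admin URL from the public side show up in monitoring.
LogFormat "%h %t \"%r\" %>s" admin_probe
SetEnvIf Request_URI "^/phpmyadmin" is_admin_url
CustomLog "logs/admin_access.log" admin_probe env=is_admin_url
```

After editing, run `apachectl configtest` before reloading, then confirm from an outside address that the URL returns 403 while a LAN address still gets through. Webmin and usermin do not sit behind Apache; they serve themselves through miniserv, and the equivalent restriction there is an `allow=` line listing the permitted networks in `miniserv.conf` (for Webmin, `/etc/webmin/miniserv.conf`), again with the ranges chosen to match your LAN or VPN.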