[CentOS] Apache Security
John Hinton
webmaster at ew3d.com
Thu Jun 22 17:32:35 UTC 2006
Matthew T. O'Connor wrote:
>
> Is this a know problem? Have others seen it? What can I do to help
> prevent this?
>
PHP is a likely suspect. Do you have globals off?
It can be difficult to find the culprit, hit the logs, look at hacker
file creation dates.. try to match the creation time to something done
within a script in the logs. Photo Galleries and any script which allows
uploads should be the first suspects. And yes, as mentioned, AWstats did
have an issue, but it is a pretty old version at this point... still
something to look at.
Of course, files uploaded via PHP are owned by Apache or the Apache
username assigned.
Best,
John Hinton
More information about the CentOS
mailing list