[CentOS] Strange Apache log entry
Emmanuel Noobadmin
centos.admin at gmail.com
Sat Aug 28 04:08:49 UTC 2010
On 8/24/10, Keith Roberts <keith at karsites.net> wrote:
> So bolting down PHP really tight should address these hacks?
As others have mentioned, this is trying to take advantage of a poorly
written PHP script that doesn't sanitize/check the input before using.
However, you could possibly lock down PHP further to reduce the
possibility of such apps working by using the disabled_function
setting to disable the riskier functions which allow
shell/command/file operations. Of course depending on how aggressive
you are, it could lead to scripts breaking.
More information about the CentOS
mailing list