[CentOS] Strange Apache log entry
rmcconne at lightlink.com
Sat Aug 28 13:45:20 UTC 2010
Emmanuel Noobadmin wrote:
> On 8/24/10, Keith Roberts <keith at karsites.net> wrote:
>> So bolting down PHP really tight should address these hacks?
> As others have mentioned, this is trying to take advantage of a poorly
> written PHP script that doesn't sanitize/check the input before using.
> However, you could possibly lock down PHP further to reduce the
> possibility of such apps working by using the disabled_function
> setting to disable the riskier functions which allow
> shell/command/file operations. Of course depending on how aggressive
> you are, it could lead to scripts breaking.
The best way to attack this problem is to take a close look at the known
issues and make sure your code doesn't expose any of them. Start by
reading the OWASP web site. Their annual Top Ten list of
vulnerabilities is a good place to start. They also have sample code
snippets in a variety of languages to sanitize and validate input. We
utilize both their recommendations and code in a number of our sites. It
gives us a good start toward PCI compliance.
Another excellent resource is the "SANS-CWE Top 25 Most Dangerous
Programming Errors". This applies to all applications that have
network access, not just web pages. The press release explains what
the list contains.
More information about the CentOS