[ale] Apache exploit
- Subject: [ale] Apache exploit
- From: agcarver+ale at acarver.net (Alex Carver)
- Date: Tue, 02 Apr 2013 13:33:15 -0700
- In-reply-to: <CAOy4VzdfHkMCCd4d60JzfL2jYbxY5kAbt-WJq7vjitnpSaWn=w@mail.gmail.com>
- References: <[email protected]> <CAOy4VzdfHkMCCd4d60JzfL2jYbxY5kAbt-WJq7vjitnpSaWn=w@mail.gmail.com>

On 4/2/2013 13:23, David Tomaschik wrote:
> Based on the analysis from the Malware Must Die Blog and some other things
> I've heard about this, it looks like the original source of compromise is
> most likely Plesk or CPanel. Doesn't look like there's any Apache
> vulnerability being exploited, so Apparmor around Apache wouldn't mitigate
> *this* attack.

What's the specific user draw to Plesk and CPanel in the first place?
It seems all of these management systems are riddled with holes which
end up compromising the underlying machine. I suppose there's some
benefit to multi-homed systems managing multiple instances but, given
all this trouble, I'd rather edit configurations manually and turn off
anything like this if I had a remotely hosted system.

I actually had an argument over Webmin at one point for a public web
server that was being installed in my home department at school years
ago. The netadmin was strongly suggesting installing it and I was
strongly suggesting ssh and vim. Since I was the one going to maintain
it, I was fortunate that I won. :)