Arghhh!


By Jon

Why, oh why would a web host be stupid enough to install hundreds of directories for hundreds of customers with permissions 777 and then run Apache as ‘nobody’?

Why would they also run PHP with ‘register_globals=true’ and without open_basedir?

Why would they not use chroot jails for Apache?

Why would they not provide CGIWrap or suEXEC?

…no posts in days, I know. I am too busy cleaning up after an easily prevented script-kiddie attack. Stupid, stupid host. Tons of scripts running on their virtual host boxes, most with some sort of file upload capability, and they run Apache as nobody! Nicely done, asshats. One user or one script gets compromised and suddenly every folder on the entire server that is perm’d 777 starts serving up WMF exploits to every website visitor.
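A defensive audit for the weaknesses listed above, added here as an example and not part of the original post: it lists world-writable directories under a web root and flags a php.ini that enables register_globals or leaves open_basedir unset. The function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: defensive audit for the weaknesses named in the post.
# Function names and paths are hypothetical.

# List every world-writable directory (mode 777 and similar) under web root $1.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null | sort
}

# Print the effective (last uncommented) value of directive $2 in php.ini $1.
php_ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)$/\1/p" "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# Print one FINDING line per weak PHP setting; return 1 if any was found.
audit_php_ini() {
    rc=0
    rg=$(php_ini_value "$1" register_globals | tr '[:upper:]' '[:lower:]')
    case "$rg" in
        on|1|true|yes) echo "FINDING: register_globals is enabled"; rc=1 ;;
    esac
    if [ -z "$(php_ini_value "$1" open_basedir)" ]; then
        echo "FINDING: open_basedir is not set"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /path/to/webroot /path/to/php.ini
if [ "$#" -ge 2 ]; then
    world_writable_dirs "$1" | sed 's/^/FINDING: world-writable directory: /'
    audit_php_ini "$2"
fi
```

A commented-out directive (a line starting with `;`) counts as unset, which is why a php.ini that only carries `;open_basedir = ...` is still reported.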
