Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Tweet Week: Sept 28-Oct 4, 2009

   04 Oct 09   Filed in Tweet Week

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Oct 1, 2009

My blog reader Robert asks if suPHP can prevent Beladen/Goscanpark-type exploits.  What do you think?

[milestone] 50,000 suspicious pages detected by Unmask Parasites.

Oct 2, 2009

TheRegister writes about my research on cloaked spam pages on hacked high-profile sites.

Millions of hacked ASP web pages (looks like SQL-injection)

If you want a more real-time experience, you can follow @unmaskparasites on Twitter.

Reader's Comments (3)

  1. |

    suPHP, in combination with other precautions, is a very good method of protection against attacks aimed at the server itself. PHP processes are run as individual users rather than “nobody” or something similar. This allows much more restrictive permissions to be set up and, in doing so, prevents a compromise of one account from spreading to multiple accounts or the server itself.

    • |

      Thanks,

      At the same time, suPHP may make individual accounts more vulnerable to attacks that use buggy scripts, since 644 and 755 permissions won’t prevent file modification and creation. Am I right?

      And it is still not clear if suPHP can prevent Beladen/Goscanpark attacks.

      • |

        This is correct. Since a particular user has ownership over all of their own files, they will always have the necessary permissions in order to edit them (or at least can change the permissions to the necessary value in order to edit).

        I’ve not had a chance to examine the Beladen/Goscanpark malware in any detail as of yet. However, from the information I have read on these, they rely on Apache and PHP running under the same user in order to modify its responses.
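
The permission trade-off discussed in the comments above, as an added example that is not part of the original post or of any commenter's reply. It applies the classic POSIX owner/group/other check to a constructed file list for two cases: PHP running as a shared user and PHP running as the account owner, as under suPHP. The uids, paths and modes are constructed, and ACLs and mount options are ignored.

```python
import stat

def can_write(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Classic POSIX check (no ACLs): exactly one class applies, owner first."""
    if proc_uid == 0:
        return True                      # root bypasses the mode bits
    if proc_uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in proc_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def exposure(entry, proc_uid, proc_gids):
    """What a buggy script running as proc_uid could do to this entry."""
    _path, mode, uid, gid = entry
    if can_write(mode, uid, gid, proc_uid, proc_gids):
        return "writable"
    if proc_uid in (0, uid):
        return "writable-after-chmod"    # the owner may change the mode first
    return "protected"

def audit(entries, proc_uid, proc_gids):
    return {e[0]: exposure(e, proc_uid, proc_gids) for e in entries}

# Constructed sample data (assumed uids and paths, not taken from the page).
ALICE, BOB, NOBODY = 1001, 1002, 65534
FILES = [
    ("/home/alice/www/index.php",  0o644, ALICE, ALICE),
    ("/home/alice/www/config.php", 0o444, ALICE, ALICE),
    ("/home/alice/www/uploads",    0o777, ALICE, ALICE),  # dir: write = create files
    ("/home/bob/www/index.php",    0o644, BOB,   BOB),
]

if __name__ == "__main__":
    for label, uid in (("shared user (nobody)", NOBODY), ("suPHP as alice", ALICE)):
        print(label)
        for path, result in audit(FILES, uid, {uid}).items():
            print(f"  {result:22} {path}")
```

Run as the shared user, only the 777 directory is exposed; run as the account owner, every file in that account is writable directly or after a chmod, while the other account's 644 file stays protected.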