Comments on: Tweet Week: Sept 28-Oct 4, 2009 http://blog.unmaskparasites.com/2009/10/04/tweet-week-sept-28-oct-4-2009/ Website insecurity by example Fri, 03 Sep 2010 20:05:44 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: MK http://blog.unmaskparasites.com/2009/10/04/tweet-week-sept-28-oct-4-2009/comment-page-1/#comment-4540 MK Tue, 06 Oct 2009 11:12:00 +0000 http://blog.unmaskparasites.com/?p=332#comment-4540 This is correct. Since a particular user has ownership over all of their own files, they will always have the necessary permissions in order to edit them (or at least can change the permissions to necessary value in order to edit). I've not had a chance to examine the Beladen/Goscanpark malware in any detail as of yet. However, from the information I have read on these, they rely on Apache and PHP running under the same user in order to modify it's responses. This is correct. Since a particular user has ownership over all of their own files, they will always have the necessary permissions in order to edit them (or at least can change the permissions to necessary value in order to edit).

I’ve not had a chance to examine the Beladen/Goscanpark malware in any detail as of yet. However, from the information I have read on these, they rely on Apache and PHP running under the same user in order to modify it’s responses.

]]> By: Denis http://blog.unmaskparasites.com/2009/10/04/tweet-week-sept-28-oct-4-2009/comment-page-1/#comment-4537 Denis Tue, 06 Oct 2009 09:03:47 +0000 http://blog.unmaskparasites.com/?p=332#comment-4537 Thanks, At the same time suPHP may make individual accounts more vulnerably to attacks that use buggy scripts, since 644 and 755 permissions won't prevent file modification and creation. Am I right? And it is still not clear if suPHP can prevent Beladen/Goscanpark attacks. Thanks,

At the same time suPHP may make individual accounts more vulnerably to attacks that use buggy scripts, since 644 and 755 permissions won’t prevent file modification and creation. Am I right?

And it is still not clear if suPHP can prevent Beladen/Goscanpark attacks.

]]> By: MK http://blog.unmaskparasites.com/2009/10/04/tweet-week-sept-28-oct-4-2009/comment-page-1/#comment-4535 MK Tue, 06 Oct 2009 05:28:10 +0000 http://blog.unmaskparasites.com/?p=332#comment-4535 suPHP, in combination with other precautions, is a very good method of protection against attacks aimed at the server itself. PHP processes are run as individual users rather than "nobody" or something similar. This allows much more restrictive permissions to be setup and in doing so, prevents a compromise of one account to spread to multiple accounts or the server itself. suPHP, in combination with other precautions, is a very good method of protection against attacks aimed at the server itself. PHP processes are run as individual users rather than “nobody” or something similar. This allows much more restrictive permissions to be setup and in doing so, prevents a compromise of one account to spread to multiple accounts or the server itself.

]]>