[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] PHP safe mode problems...

To: 'SuSE Security' <suse-security@xxxxxxxx>
Subject: [suse-security] PHP safe mode problems...
From: Jose de Paula Eufrásio Junior <jjunior@xxxxxxxxxx>
Date: Tue, 09 Dec 2003 09:58:05 -0200
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Tue, 09 Dec 2003 12:58:42 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <20031205122613.EFC4CD011300@xxxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
Organization: ProInternet do Brasil
References: <20031205122613.EFC4CD011300@xxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4; MultiZilla vundefinedundefined) Gecko/20030630

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello.

I got a defacing in my domains this weekend. They used and php shell to
run some processes in the machine and replace all
index.(html|shtml|php). They changed my users password too, and let a
process in the /tmp dir running on port 80.

The thing is, if I turn on PHP Safe Mode, webmail and applications stop
working (includes and execs).

There's some way to secure PHP and don't lose half of it's funcionality?


[]s
core

- --
Jos? de Paula Eufr?sio J?nior
Analista de Sistema | CPD
ProInternet do Brasil
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/1bjNuux+hAffZfsRAnMGAJ4utuZmJ5mkK0wg5qaXQVAAyePLAwCfRKWR
QKOI+DBUs9NYAKKnK/jv3tY=
=TiPv
-----END PGP SIGNATURE-----


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] PHP safe mode problems...
  - From: Bodo Kaelberer
- Re: [suse-security] PHP safe mode problems...
  - From: Christian Boltz

References:
- RE: [suse-security] Freeswan client for Windows (2000/XP)?
  - From: Martin Temmink

Prev by Date: Re: [suse-security] kupdated in uninterrupatable sleep after kernel update
Next by Date: [suse-security] OT: iptables question (nat)
Previous by thread: Re: [suse-security] Freeswan client for Windows (2000/XP)?
Next by thread: Re: [suse-security] PHP safe mode problems...
Index(es):
- Date
- Thread