[ale] Apache exploit
Alex Carver
agcarver+ale at acarver.net
Tue Apr 2 16:33:15 EDT 2013

On 4/2/2013 13:23, David Tomaschik wrote:
> Based on the analysis from the Malware Must Die Blog and some other things
> I've heard about this, it looks like the original source of compromise is
> most likely Plesk or cPanel. Doesn't look like there's any Apache
> vulnerability being exploited, so AppArmor around Apache wouldn't mitigate
> *this* attack.

What's the specific user draw to Plesk and cPanel in the first place?
It seems all of these management systems are riddled with holes which
end up compromising the underlying machine. I suppose there's some
benefit to multi-homed systems managing multiple instances but, given
all this trouble, I'd rather edit configurations manually and turn off
anything like this if I had a remotely hosted system.

I actually had an argument over Webmin at one point for a public web
server that was being installed in my home department at school years
ago. The netadmin was strongly suggesting installing it and I was
strongly suggesting ssh and vim. Since I was the one going to maintain
it, I was fortunate that I won. :)