[ale] Apache exploit

Alex Carver agcarver+ale at acarver.net
Tue Apr 2 16:33:15 EDT 2013


On 4/2/2013 13:23, David Tomaschik wrote:
> Based on the analysis from the Malware Must Die Blog and some other things
> I've heard about this, it looks like the original source of compromise is
> most likely Plesk or cPanel.  Doesn't look like there's any Apache
> vulnerability being exploited, so AppArmor around Apache wouldn't mitigate
> *this* attack.


What's the specific user draw to Plesk and cPanel in the first place?
It seems all of these management systems are riddled with holes which 
end up compromising the underlying machine.  I suppose there's some 
benefit to multi-homed systems managing multiple instances but, given 
all this trouble, I'd rather edit configurations manually and turn off 
anything like this if I had a remotely hosted system.

I actually had an argument over Webmin at one point for a public web 
server that was being installed in my home department at school years 
ago.  The netadmin was strongly suggesting installing it and I was 
strongly suggesting ssh and vim.  Since I was the one going to maintain 
it, I was fortunate that I won. :)

