[ale] Apache exploit

David Tomaschik david at systemoverlord.com
Tue Apr 2 18:22:02 EDT 2013


On Tue, Apr 2, 2013 at 1:33 PM, Alex Carver <agcarver+ale at acarver.net>wrote:

> On 4/2/2013 13:23, David Tomaschik wrote:
>
>> Based on the analysis from the Malware Must Die Blog and some other things
>> I've heard about this, it looks like the original source of compromise is
>> most likely Plesk or CPanel.  Doesn't look like there's any Apache
>> vulnerability being exploited, so Apparmor around Apache wouldn't mitigate
>> *this* attack.
>>
>
>
> What's the specific user draw to Plesk and CPanel in the first place? It
> seems all of these management systems are riddled with holes which end up
> compromising the underlying machine.  I suppose there's some benefit to
> multi-homed systems managing multiple instances but, given all this
> trouble, I'd rather edit configurations manually and turn off anything like
> this if I had a remotely hosted system.
>
>
You know how to edit the configurations.  There are many people out there
that want "their own server" without having to learn how to configure
things, hence control panels.  I believe Plesk and CPanel even let you
_provide_ shared hosting?


> I actually had an argument over Webmin at one point for a public web
> server that was being installed in my home department at school years ago.
>  The netadmin was strongly suggesting installing it and I was strongly
> suggesting ssh and vim.  Since I was the one going to maintain it, I was
> fortunate that I won. :)


I know the developer of Webmin fairly well, and he says there is still
plenty of demand, also for Virtualmin (his virtualization-oriented tool).



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130402/8089b2f1/attachment.html>


More information about the Ale mailing list