Re: newbie with www user security problem

From: Ken Hawkins (ken_at_rosewoodblues.com)
Date: 08/11/05

    Date: Thu, 11 Aug 2005 11:32:44 -0400
    To: freebsd-security@freebsd.org
    
    

    The box is secure, that much I have found out. The only problems have
    been with this email spamming. Nothing in the tmp dirs out of the
    ordinary and no missing files, running scripts, etc. I have changed
    everyone's passwords on the box. *'d the www password, ensured there is
    no shell with the www user, etc.

    I am in the process of upgrading the ports now and there are problems
    (of course). The ports seem to have been mangled, as the listing in
    /var/db/ports does not match what I KNOW is running on the box. The
    person I have inherited this from manually deleted from
    /var/db/ports to get some of the applications to re-install! Gotta
    love that!

    Well, here I come, port fix hell! This is a production box and can't be
    taken offline as of this moment, so I am going to have to attempt
    on-the-fly fixing / upgrading of the ports. I would love to wipe it but
    it is just not a possibility right now.

    Thanks for all your help and insight. Even those of you who tried to
    tell me I was lost... :)

    ken;
    Ken Hawkins
    Product Manager/Software Development
    Broadjam Inc.
    313 W. Beltline Hwy, Suite 147
    Madison, WI 53713
    P: 404-323-7493
    F: 608-273-3635
    W: www.broadjam.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Broadjam Web Hosting for Musicians
    Now featuring links, guestbook, news
    page and more customization.
    Only at www.broadjam.com/hosting.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    On Aug 11, 2005, at 11:04 AM, Stijn Hoop wrote:

    > On Thu, Aug 11, 2005 at 04:54:10PM +0200, jimmy@inet-solutions.be wrote:
    >
    >> If the box in question was locally secure, you don't have to worry
    >> that much.
    >>
    >
    > Correct of course, but seeing as the OP admitted to not knowing a lot about
    > the administration of this machine, I don't think local security was very
    > high.
    >
    >
    >> If it's a long time since you've updated your base, are sloppy with passwords
    >> on the box in question, haven't updated your daemons/setuid packages in weeks,
    >> then the box should be considered a total loss.
    >>
    >> Just think in terms of "what are the possible things I could do if my UID were
    >> 'www'"
    >>
    >
    > There might be some less obvious things, especially if the base OS is
    > as far behind as the phpBB installation.
    >
    >
    >> I for example have webservers running in chroot, on a partition that is
    >> nosuid, and starred out password for the user 'www'. The thing you're
    >> describing happens sometimes because users do not update their phpbb's
    >> either. I'm not afraid since the kiddo would have the same access as a
    >> customer, which I cannot trust either. If you don't know the box IS secure,
    >> it isn't; there is a lot of work involved in keeping things like this
    >> "under control".
    >>
    >
    > Totally true, and good advice for setting up access for customers / etc.
    >
    > --Stijn
    >
    > --
    > Coughlin's law: never show surprise, never lose your cool.
    > -- Cocktail
    >


