Facebook
Twitter-
Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products ! WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
Join the pilot program today!
Security Forum I think is needed.
- Thread starter lvalics
- Start date
I come with first questions, suggestions.
After this phpBB security things, I treid to see how people enter in servers and I find like:
They try to execute comand and install softwares like BNC or other into server.
The way to do is to use /tmp directory, writeable to anyone.
OK, because I cannot change this (even if in new PLESK I saw in each domain a /tmp) I can try to make to diable to install things in /tmp.
They try to get programs with WGET, NCFTP or LYNX usually, common used is WGET.
So I expect comments on changing WGET and other programs, LYNX, NCFTP to be executable only by root, like chmod 700 wget or to get out suid from wget like chmod -s wget.
Is a good way to try to stop them to install programs?
It will affect other softwares who will use wget ?
After this phpBB security things, I treid to see how people enter in servers and I find like:
They try to execute comand and install softwares like BNC or other into server.
The way to do is to use /tmp directory, writeable to anyone.
OK, because I cannot change this (even if in new PLESK I saw in each domain a /tmp) I can try to make to diable to install things in /tmp.
They try to get programs with WGET, NCFTP or LYNX usually, common used is WGET.
So I expect comments on changing WGET and other programs, LYNX, NCFTP to be executable only by root, like chmod 700 wget or to get out suid from wget like chmod -s wget.
Is a good way to try to stop them to install programs?
It will affect other softwares who will use wget ?
Similar threads
