[ale] Apache exploit

On 4/2/2013 13:23, David Tomaschik wrote:
> Based on the analysis from the Malware Must Die Blog and some other things
> I've heard about this, it looks like the original source of compromise is
> most likely Plesk or cPanel.  Doesn't look like there's any Apache
> vulnerability being exploited, so AppArmor around Apache wouldn't mitigate
> *this* attack.

What's the specific user draw to Plesk and cPanel in the first place?
It seems all of these management systems are riddled with holes which 
end up compromising the underlying machine.  I suppose there's some 
benefit to multi-homed systems managing multiple instances but, given 
all this trouble, I'd rather edit configurations manually and turn off 
anything like this if I had a remotely hosted system.

I actually had an argument over Webmin at one point for a public web 
server that was being installed in my home department at school years 
ago.  The netadmin was strongly suggesting installing it and I was 
strongly suggesting ssh and vim.  Since I was the one going to maintain 
it, I was fortunate that I won. :)