Re: FreeBSD and Mayhem – a hidden threat for *nix web servers
Allan Jude
allanjude at freebsd.org
Wed Feb 17 15:55:28 UTC 2016
On 2016-02-17 09:28, Andrey Fesenko wrote:
> Hello,
> There is a vulnerability
> https://www.virusbulletin.com/virusbulletin/2014/07/mayhem-hidden-threat-nix-web-servers?utm_content=buffercd266&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
> Are there known methods to lock it down and protect against it on FreeBSD?
Note that that post is from 2014.
Make sure you are not running a vulnerable version of popular PHP
software like WordPress, Drupal, or Joomla.
If possible, keep the directories where the PHP scripts are run locked
down with permissions, or better yet, a separate ZFS dataset with the
readonly property turned on. Mount the /tmp directory (and possibly the
PHP directories) noexec, so that scripts and binaries dropped by attempts
to exploit your web apps will not run.
As far as general advice: use jails to contain your webserver, and ZFS
snapshots to be able to 'undo' anything that does happen.
--
Allan Jude
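An added audit script (not from Allan's message or the FreeBSD project) that checks the layout described above: /tmp and the PHP tree mounted noexec, and the web-content dataset with the ZFS readonly property on. The mount and zfs outputs, the dataset names (zroot/tmp, zroot/www) and the webroot path are constructed assumptions for illustration.

```shell
#!/bin/sh
# Audit the hardening from the reply: /tmp and the PHP tree noexec, the
# web-content dataset readonly=on. Sample outputs are constructed, not
# captured from a real host.
SAMPLE_MOUNT='zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
zroot/tmp on /tmp (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/www on /usr/local/www (zfs, local, noatime, nfsv4acls)'
# Constructed output of: zfs get -H -o name,value readonly
SAMPLE_ZFS='zroot/ROOT/default off
zroot/tmp off
zroot/www off'

# has_mount_opt MOUNT_OUTPUT MOUNTPOINT OPTION -> 0 if OPTION is set on MOUNTPOINT
has_mount_opt() {
    printf '%s\n' "$1" | awk -v mp="$2" -v opt="$3" '
        $3 == mp {
            s = $0; sub(/^[^(]*\(/, "", s); sub(/\).*$/, "", s)   # keep the "(...)" body
            n = split(s, a, /, */)
            for (i = 1; i <= n; i++) if (a[i] == opt) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# zfs_readonly ZFS_OUTPUT DATASET -> 0 if DATASET has readonly=on
zfs_readonly() {
    printf '%s\n' "$1" | awk -v ds="$2" '$1 == ds && $2 == "on" { ok = 1 } END { exit ok ? 0 : 1 }'
}

# audit_webhost MOUNT_OUTPUT ZFS_OUTPUT WEBROOT WEB_DATASET
# Prints one line per check and returns the number of failed checks.
audit_webhost() {
    fails=0
    for mp in /tmp "$3"; do
        if has_mount_opt "$1" "$mp" noexec; then
            echo "ok:   $mp is noexec"
        else
            echo "FAIL: $mp allows exec (fix: zfs set exec=off <dataset>, or noexec in /etc/fstab)"
            fails=$((fails + 1))
        fi
    done
    if zfs_readonly "$2" "$4"; then
        echo "ok:   $4 is readonly"
    else
        echo "FAIL: $4 is writable (fix: zfs set readonly=on $4; zfs snapshot $4@baseline)"
        fails=$((fails + 1))
    fi
    return $fails
}

audit_webhost "$SAMPLE_MOUNT" "$SAMPLE_ZFS" /usr/local/www zroot/www || echo "$? check(s) failed"
```

Where an app needs a writable upload directory, give it its own dataset mounted noexec rather than relaxing readonly on the whole web tree.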