Welcome! Log In Create A New Profile

Re: Nginx securiy problem

Forum List Message List New Topic Print View

mike

December 05, 2009 09:30PM

Registered: 15 years ago
Posts: 833

On Sat, Dec 5, 2009 at 4:30 PM, egerci <nginx-forum@nginx.us> wrote:

> The problem is giving trust/certificate to company that behave or take action like me!
> This show SL's understanding of Security.

who would you believe more:

a) your friend of 3 years
b) someone off the street

you're the one who originally got exploited. why would they trust you
more than someone who they've certified/authorized to be a server
administration consultant? :)

forgive me if you already mentioned this, but is this a shared hosting
server (do you have multiple clients on it) or is it just yourself?

if it is yourself, i wouldn't bother with all the locking down of php
using disable_functions and such.

i would examine the code for exploits. hire someone to do it for you.
you probably have a lot of holes, it's very easy in php. one of my
clients back when i used to do virtual hosting kept getting exploited
over and over. one of them racked up a $2000 bandwidth bill because
the exploit downloaded an XDCC bot sending out pirated movies on IRC.
i was able to talk the provider down some and collect some money from
the kid but i never got it all back. i'm so glad i'm out of that game
now.

i am not sure that suhosin nor php's safe mode or disable_functions
behavior would have fixed that either. i don't think i had suhosin in
the mix back then, nowadays i run a suhosin patched php and the
suhosin module too. although i am not sure they help; they wind up
being so restrictive i have to set a bunch of high boundaries so
common things work properly.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Nginx securiy problem	egerci	December 03, 2009 04:22AM
Re: Nginx securiy problem	Sergej Kandyla	December 03, 2009 05:46AM
Re: Nginx securiy problem	egerci	December 03, 2009 07:41AM
Re: Nginx securiy problem	Piotr Sikora	December 03, 2009 09:08AM
Re: Nginx securiy problem	egerci	December 03, 2009 12:31PM
Re: Nginx securiy problem	Cliff Wells	December 03, 2009 01:02PM
Re: Nginx securiy problem	egerci	December 03, 2009 01:22PM
Re: Nginx securiy problem	Cliff Wells	December 03, 2009 02:04PM
Re: Nginx securiy problem	George	December 03, 2009 02:06PM
Re: Nginx securiy problem	egerci	December 03, 2009 02:55PM
Re: Nginx securiy problem	mike	December 03, 2009 03:42PM
Re: Nginx securiy problem	Igor Sysoev	December 03, 2009 04:16PM
Re: Nginx securiy problem	mike	December 03, 2009 05:06PM
Re: Nginx securiy problem	mike	December 04, 2009 01:00AM
Re: Nginx securiy problem	Igor Sysoev	December 04, 2009 01:00AM
Re: Nginx securiy problem	Jean-Baptiste Quenot	December 05, 2009 05:02AM
Re: Nginx securiy problem	mike	December 05, 2009 05:24AM
Re: Nginx securiy problem	Steve	December 05, 2009 06:26AM
Re: Nginx securiy problem	mike	December 05, 2009 01:32PM
Re: Nginx securiy problem	Igor Sysoev	December 05, 2009 02:00PM
Re: Nginx securiy problem	Steve	December 05, 2009 04:36PM
Re: Nginx securiy problem	mike	December 05, 2009 05:32PM
Re: Nginx securiy problem	Steve	December 05, 2009 06:46PM
Re: Nginx securiy problem	Jérôme Loyet	December 05, 2009 07:12AM
Re: Nginx securiy problem	Steve	December 03, 2009 06:08PM
Re: Nginx securiy problem	mike	December 03, 2009 07:26PM
Re: Nginx securiy problem	Steve	December 03, 2009 07:42PM
Re: Nginx securiy problem	Steve	December 03, 2009 07:14PM
Re: Nginx securiy problem	egerci	December 05, 2009 02:01PM
Re: Nginx securiy problem	Steve	December 05, 2009 05:04PM
Re: Nginx securiy problem	mike	December 05, 2009 05:16PM
Re: Nginx securiy problem	Jim Ohlstein	December 05, 2009 05:34PM
Re: Nginx securiy problem	egerci	December 05, 2009 07:30PM
Re: Nginx securiy problem	Steve	December 05, 2009 09:12PM
Re: Nginx securiy problem	mike	December 05, 2009 09:30PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 304

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018