The box is secure, that much I have found out. The only problems have been with this email spamming. Nothing in the tmp dirs out of the ordinary and no missing files, running scripts, etc. I have changed everyone's passwords on the box, *'d the www password, ensured there is no shell for the www user, etc.

I am in the process of upgrading the ports now and there are problems (of course). The ports seem to have been mangled, as the listing in /var/db/ports does not match what I KNOW is running on the box. The person I have inherited this from manually deleted from /var/db/ports to get some of the applications to re-install! Gotta love that! Well, here I come, port fix hell! This is a production box and can't be taken offline as of this moment, so I am going to have to attempt on-the-fly fixing / upgrading of the ports. I would love to wipe it but it is just not a possibility right now.

Thanks for all your help and insight, even those of you who tried to tell me I was lost... :)
ken;
Ken Hawkins
Product Manager/Software Development
Broadjam Inc.
313 W. Beltline Hwy, Suite 147
Madison, WI 53713
P: 404-323-7493
F: 608-273-3635
W: www.broadjam.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Broadjam Web Hosting for Musicians
Now featuring links, guestbook, news
page and more customization.
Only at www.broadjam.com/hosting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On Aug 11, 2005, at 11:04 AM, Stijn Hoop wrote:
> On Thu, Aug 11, 2005 at 04:54:10PM +0200, [EMAIL PROTECTED] wrote:
> > If the box in question was locally secure, you don't have to worry that much.
>
> Correct of course, but seeing as the OP admitted to not knowing a lot about the administration of this machine, I don't think local security was very high.
>
> > If it's a long time since you've updated your base, are sloppy with passwords on the box in question, haven't updated your daemons/setuid packages in weeks, then the box should be considered a total loss.
> >
> > Just think in terms of "what are the possible things I could do if my UID were 'www'".
>
> There might be some less obvious things, especially if the base OS is as far behind as the phpBB installation.
>
> > I for example have webservers running in chroot, on a partition that is nosuid, and starred out the password for the user 'www'. The thing you are describing happens sometimes because users do not update their phpBBs either. I'm not afraid since the kiddo would have the same access as a customer, which I cannot trust either. If you don't know the box IS secure, it isn't; there is a lot of work involved in keeping things like this "under control".
>
> Totally true, and good advice for setting up access for customers / etc.
>
> --Stijn
>
> --
> Coughlin's law: never show surprise, never lose your cool.
> -- Cocktail
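An added audit script (not code from anyone in this thread) that checks the three hardening points discussed above, a starred-out www password, no login shell for www, and the web tree on a nosuid partition, against FreeBSD-style master.passwd and fstab files. The sample accounts, hashes, devices and the /usr/local/www mount point are constructed assumptions; pointing the functions at the real /etc/master.passwd and /etc/fstab works the same way.

```shell
#!/bin/sh
# Audit the hardening points from the thread: www's password is starred out,
# www has no login shell, and the web tree sits on a nosuid mount. Paths are
# arguments, so this runs on the real /etc/master.passwd and /etc/fstab too.

# master.passwd: name:pw:uid:gid:class:change:expire:gecos:home:shell
# Succeeds if the user exists and its password field starts with '*'.
user_password_locked() {
    awk -F: -v u="$2" '$1 == u { seen = 1; if ($2 ~ /^\*/) ok = 1 }
        END { if (seen && ok) exit 0; exit 1 }' "$1"
}

# Succeeds if the user exists and its shell is nologin.
user_has_no_shell() {
    awk -F: -v u="$2" '$1 == u { seen = 1; if ($10 ~ /\/nologin$/) ok = 1 }
        END { if (seen && ok) exit 0; exit 1 }' "$1"
}

# fstab: device mountpoint fstype options dump pass (comment lines skipped)
# Succeeds if the mount point is listed with nosuid among its options.
mount_has_nosuid() {
    awk -v m="$2" '$1 !~ /^#/ && $2 == m { seen = 1; n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "nosuid") ok = 1 }
        END { if (seen && ok) exit 0; exit 1 }' "$1"
}

# Print PASS/FAIL per check; return the number of failures (no spaces in args).
audit_www() {   # $1 master.passwd, $2 fstab, $3 web mount point, $4 user
    fails=0
    for check in "user_password_locked $1 $4" "user_has_no_shell $1 $4" \
                 "mount_has_nosuid $2 $3"; do
        if $check; then echo "PASS: $check"; else echo "FAIL: $check"; fails=$((fails + 1)); fi
    done
    return $fails
}

# Constructed sample files (not from the thread) so the audit runs offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/master.passwd" <<'EOF'
root:$1$saltsalt$constructedhash:0:0::0:0:Charlie Root:/root:/bin/csh
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
bob:$1$saltsalt$constructedhash:1001:1001::0:0:Bob:/home/bob:/bin/sh
EOF
cat > "$SAMPLE_DIR/fstab" <<'EOF'
/dev/ad0s1a   /               ufs     rw                1     1
/dev/ad0s1d   /usr/local/www  ufs     rw,nosuid,noexec  2     2
EOF
for u in www bob; do   # www should pass all three, bob should fail two
    n=0; audit_www "$SAMPLE_DIR/master.passwd" "$SAMPLE_DIR/fstab" /usr/local/www "$u" || n=$?
    echo "$u: $n check(s) failed"; done
```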
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"