«

Just in case anyone who uses Iserve hasnt read their email lately.....
Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
being compromised and they have had to restore from a backup meaning
any changes made to Iserve based sites over the past few days may no
longer be valid.

Personally my own site seems ok except for missing its index.htm,
however I have shut it down until Iserve can let users know what the
outcome is after their investigation.....

Fingers crossed they dont pull PHP support altogether because of one
user who dosent keep their 3rd party scripts up to date

"XPD" <> wrote in message
news: oups.com...
> Just in case anyone who uses Iserve hasnt read their email lately.....
> Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
> being compromised and they have had to restore from a backup meaning
> any changes made to Iserve based sites over the past few days may no
> longer be valid.
>
> Personally my own site seems ok except for missing its index.htm,
> however I have shut it down until Iserve can let users know what the
> outcome is after their investigation.....
>
> Fingers crossed they dont pull PHP support altogether because of one
> user who dosent keep their 3rd party scripts up to date
>

I would doubt they would pull it. It does make you wonder why one persons
website, could cause that type of damage to other peoples accounts.

On 6 Aug 2006 18:57:31 -0700, "XPD" <> exclaimed:

>Just in case anyone who uses Iserve hasnt read their email lately.....
>Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
>being compromised and they have had to restore from a backup meaning
>any changes made to Iserve based sites over the past few days may no
>longer be valid.
>
>Personally my own site seems ok except for missing its index.htm,
>however I have shut it down until Iserve can let users know what the
>outcome is after their investigation.....
>
>Fingers crossed they dont pull PHP support altogether because of one
>user who dosent keep their 3rd party scripts up to date

You can't really blame the user. There shouldn't be a system in place
on a shared server that would allow the compromise of other user's
accounts.

At first glance, the blame lies squarely at the feet of IServe.

<troll>
Is this the "security" that Linux offers, Lennier?
</troll>

"Fred Dagg" <> wrote in message
news:...
> On 6 Aug 2006 18:57:31 -0700, "XPD" <> exclaimed:
>
>>Just in case anyone who uses Iserve hasnt read their email lately.....
>>Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
>>being compromised and they have had to restore from a backup meaning
>>any changes made to Iserve based sites over the past few days may no
>>longer be valid.
>>
>>Personally my own site seems ok except for missing its index.htm,
>>however I have shut it down until Iserve can let users know what the
>>outcome is after their investigation.....
>>
>>Fingers crossed they dont pull PHP support altogether because of one
>>user who dosent keep their 3rd party scripts up to date
>
> You can't really blame the user. There shouldn't be a system in place
> on a shared server that would allow the compromise of other user's
> accounts.
>
> At first glance, the blame lies squarely at the feet of IServe.
>
> <troll>
> Is this the "security" that Linux offers, Lennier?
> </troll>

You can blame the user, if they are using scripts that have known secuirty
holes in them, and they don't update their scripts. It is hardly the hosts
job to individually check their customers websites to make sure that they
are using upto date scripts. That said, yes their systems shouldn't have
allowed other users accounts to be affected by one persons website.

Hello Fred,

> <troll>
> Is this the "security" that Linux offers, Lennier?
> </troll>

personally i dont compleatly agree that this is a 'linux security' issue,
but rather a nasty series of events.

let me understand this thing ... mabye somebody can explain how it could
happen.

if i am not mistaken, each user would have their own 'sandpit' (so nobody
else can see everybody elses stuff) but the HTTPD service will need to have
full access to them sandpits.

so, is my nasty ass script is being run as a user that has access to everybody
elses documents - could my nasty ass script do bad things to other users
documents ?

whose fault would it be, the interpreter / compiler / engine of my nasty
ass script (which in fairness would be executing within the httpd user context),
httpd for executing it, or the web-host ?

would it be soo simple as to make httpd service a request using the user-context
of the owner of a particular script, if that script is acl'd as root then
god help us all but if that script is acl'd as a particular user it couldnt
cause massive havoc.

----------------
Steven H

the madGeek

> On 6 Aug 2006 18:57:31 -0700, "XPD" <> exclaimed:
>
>> Just in case anyone who uses Iserve hasnt read their email
>> lately..... Iserve got hit by a PHP-Nuke exploit which resulted in
>> files/pages being compromised and they have had to restore from a
>> backup meaning any changes made to Iserve based sites over the past
>> few days may no longer be valid.
>>
>> Personally my own site seems ok except for missing its index.htm,
>> however I have shut it down until Iserve can let users know what the
>> outcome is after their investigation.....
>>
>> Fingers crossed they dont pull PHP support altogether because of one
>> user who dosent keep their 3rd party scripts up to date
>>
> You can't really blame the user. There shouldn't be a system in place
> on a shared server that would allow the compromise of other user's
> accounts.
>
> At first glance, the blame lies squarely at the feet of IServe.
>
> <troll>
> Is this the "security" that Linux offers, Lennier?
> </troll>

On 2006-08-07, Steven H <> wrote:
> Hello Fred,
>
>> <troll>
>> Is this the "security" that Linux offers, Lennier?
>> </troll>
>
> personally i dont compleatly agree that this is a 'linux security' issue,
> but rather a nasty series of events.
>
> let me understand this thing ... mabye somebody can explain how it could
> happen.
>
> if i am not mistaken, each user would have their own 'sandpit' (so nobody
> else can see everybody elses stuff) but the HTTPD service will need to have
> full access to them sandpits.
>
> so, is my nasty ass script is being run as a user that has access to everybody
> elses documents - could my nasty ass script do bad things to other users
> documents ?
>
> whose fault would it be, the interpreter / compiler / engine of my nasty
> ass script (which in fairness would be executing within the httpd user context),
> httpd for executing it, or the web-host ?
>
> would it be soo simple as to make httpd service a request using the user-context
> of the owner of a particular script, if that script is acl'd as root then
> god help us all but if that script is acl'd as a particular user it couldnt
> cause massive havoc.

yeah, I don't understand why it isn't done that way.

--

Bye.
Jasen

"XPD" <> wrote in message
news: oups.com...
> Just in case anyone who uses Iserve hasnt read their email lately.....
> Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
> being compromised and they have had to restore from a backup meaning
> any changes made to Iserve based sites over the past few days may no
> longer be valid.
>
> Personally my own site seems ok except for missing its index.htm,
> however I have shut it down until Iserve can let users know what the
> outcome is after their investigation.....
>
> Fingers crossed they dont pull PHP support altogether because of one
> user who dosent keep their 3rd party scripts up to date
>

More info here

http://computerworld.co.nz/news.nsf/...F?OpenDocument

On Mon, 07 Aug 2006 14:32:17 +1200, someone purporting to be Vista didst
scrawl:

> "XPD" <> wrote in message
*SNIP*
>> Fingers crossed they dont pull PHP support altogether because of one
>> user who dosent keep their 3rd party scripts up to date
>>
Unfortunately it's not just one user. My experience is that most users
don't keep their scripts updated, and it's just good luck that this scale
of intrusion hasn't happened to them before.
iServe has shown remarkable forbearance, really, in still allowing phpBB
and PHP-Nuke to be installed. They're both horribly insecure.

> I would doubt they would pull it. It does make you wonder why one persons
> website, could cause that type of damage to other peoples accounts.

It's a limitation of the Unix permissions model, mostly. The joys of the
ugo restrictions, and how it affects Apache, are well known to anyone
who's run such systems for any real length of time. There are ways around
it, but they pose other problems for administration of such a massively
distributed architecture.

--
Matthew Poole
"Don't use force. Get a bigger hammer."

"XPD" <> wrote in message
news: oups.com...
> Just in case anyone who uses Iserve hasnt read their email lately.....
> Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
> being compromised and they have had to restore from a backup meaning
> any changes made to Iserve based sites over the past few days may no
> longer be valid.
>
> Personally my own site seems ok except for missing its index.htm,
> however I have shut it down until Iserve can let users know what the
> outcome is after their investigation.....
>
> Fingers crossed they dont pull PHP support altogether because of one
> user who dosent keep their 3rd party scripts up to date
>

Interesting followup article on Stuff.co.nz about this

http://www.stuff.co.nz/stuff/0,2106,3762991a28,00.html

In message < .com>, XPD
wrote:

> Fingers crossed they dont pull PHP support altogether because of one
> user who dosent keep their 3rd party scripts up to date

Getting rid of PHP /would/ be the most cost-effective way of solving the
problem
<http://groups.google.co.nz/groups?selm=ldo->.