FYI : Iserve users

Discussion in 'NZ Computing' started by XPD, Aug 7, 2006.

  1. XPD

    XPD Guest

    Just in case anyone who uses Iserve hasn't read their email lately.....
    Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
    being compromised and they have had to restore from a backup meaning
    any changes made to Iserve based sites over the past few days may no
    longer be valid.

    Personally my own site seems ok except for missing its index.htm,
    however I have shut it down until Iserve can let users know what the
    outcome is after their investigation.....

    Fingers crossed they don't pull PHP support altogether because of one
    user who doesn't keep their 3rd party scripts up to date :(
    XPD, Aug 7, 2006
    #1

  2. XPD

    Vista Guest

    Re: Iserve users

    "XPD" <> wrote in message
    news:...
    > Just in case anyone who uses Iserve hasnt read their email lately.....
    > Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
    > being compromised and they have had to restore from a backup meaning
    > any changes made to Iserve based sites over the past few days may no
    > longer be valid.
    >
    > Personally my own site seems ok except for missing its index.htm,
    > however I have shut it down until Iserve can let users know what the
    > outcome is after their investigation.....
    >
    > Fingers crossed they dont pull PHP support altogether because of one
    > user who dosent keep their 3rd party scripts up to date :(
    >


    I would doubt they would pull it. It does make you wonder why one person's
    website could cause that type of damage to other people's accounts.
    Vista, Aug 7, 2006
    #2

  3. XPD

    Fred Dagg Guest

    On 6 Aug 2006 18:57:31 -0700, "XPD" <> exclaimed:

    >Just in case anyone who uses Iserve hasnt read their email lately.....
    >Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
    >being compromised and they have had to restore from a backup meaning
    >any changes made to Iserve based sites over the past few days may no
    >longer be valid.
    >
    >Personally my own site seems ok except for missing its index.htm,
    >however I have shut it down until Iserve can let users know what the
    >outcome is after their investigation.....
    >
    >Fingers crossed they dont pull PHP support altogether because of one
    >user who dosent keep their 3rd party scripts up to date :(


    You can't really blame the user. There shouldn't be a system in place
    on a shared server that would allow the compromise of other users'
    accounts.

    At first glance, the blame lies squarely at the feet of IServe.

    <troll>
    Is this the "security" that Linux offers, Lennier?
    </troll>
    Fred Dagg, Aug 7, 2006
    #3
  4. XPD

    Vista Guest

    "Fred Dagg" <> wrote in message
    news:...
    > On 6 Aug 2006 18:57:31 -0700, "XPD" <> exclaimed:
    >
    >>Just in case anyone who uses Iserve hasnt read their email lately.....
    >>Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
    >>being compromised and they have had to restore from a backup meaning
    >>any changes made to Iserve based sites over the past few days may no
    >>longer be valid.
    >>
    >>Personally my own site seems ok except for missing its index.htm,
    >>however I have shut it down until Iserve can let users know what the
    >>outcome is after their investigation.....
    >>
    >>Fingers crossed they dont pull PHP support altogether because of one
    >>user who dosent keep their 3rd party scripts up to date :(

    >
    > You can't really blame the user. There shouldn't be a system in place
    > on a shared server that would allow the compromise of other user's
    > accounts.
    >
    > At first glance, the blame lies squarely at the feet of IServe.
    >
    > <troll>
    > Is this the "security" that Linux offers, Lennier?
    > </troll>


    You can blame the user, if they are using scripts that have known security
    holes in them, and they don't update their scripts. It is hardly the host's
    job to individually check their customers' websites to make sure that they
    are using up-to-date scripts. That said, yes their systems shouldn't have
    allowed other users' accounts to be affected by one person's website.
    Vista, Aug 7, 2006
    #4
  5. XPD

    Steven H Guest

    Hello Fred,

    > <troll>
    > Is this the "security" that Linux offers, Lennier?
    > </troll>


    personally i don't completely agree that this is a 'linux security' issue,
    but rather a nasty series of events.

    let me understand this thing ... maybe somebody can explain how it could
    happen.

    if i am not mistaken, each user would have their own 'sandpit' (so nobody
    else can see everybody else's stuff) but the HTTPD service will need to have
    full access to them sandpits.

    so, if my nasty ass script is being run as a user that has access to everybody
    else's documents - could my nasty ass script do bad things to other users'
    documents ?

    whose fault would it be, the interpreter / compiler / engine of my nasty
    ass script (which in fairness would be executing within the httpd user context),
    httpd for executing it, or the web-host ?

    would it be so simple as to make httpd service a request using the user-context
    of the owner of a particular script, if that script is acl'd as root then
    god help us all but if that script is acl'd as a particular user it couldn't
    cause massive havoc.

    ----------------
    Steven H

    the madGeek

    > On 6 Aug 2006 18:57:31 -0700, "XPD" <> exclaimed:
    >
    >> Just in case anyone who uses Iserve hasnt read their email
    >> lately..... Iserve got hit by a PHP-Nuke exploit which resulted in
    >> files/pages being compromised and they have had to restore from a
    >> backup meaning any changes made to Iserve based sites over the past
    >> few days may no longer be valid.
    >>
    >> Personally my own site seems ok except for missing its index.htm,
    >> however I have shut it down until Iserve can let users know what the
    >> outcome is after their investigation.....
    >>
    >> Fingers crossed they dont pull PHP support altogether because of one
    >> user who dosent keep their 3rd party scripts up to date :(
    >>

    > You can't really blame the user. There shouldn't be a system in place
    > on a shared server that would allow the compromise of other user's
    > accounts.
    >
    > At first glance, the blame lies squarely at the feet of IServe.
    >
    > <troll>
    > Is this the "security" that Linux offers, Lennier?
    > </troll>
    Steven H, Aug 7, 2006
    #5
  6. XPD

    jasen Guest

    On 2006-08-07, Steven H <> wrote:
    > Hello Fred,
    >
    >> <troll>
    >> Is this the "security" that Linux offers, Lennier?
    >> </troll>

    >
    > personally i dont compleatly agree that this is a 'linux security' issue,
    > but rather a nasty series of events.
    >
    > let me understand this thing ... mabye somebody can explain how it could
    > happen.
    >
    > if i am not mistaken, each user would have their own 'sandpit' (so nobody
    > else can see everybody elses stuff) but the HTTPD service will need to have
    > full access to them sandpits.
    >
    > so, is my nasty ass script is being run as a user that has access to everybody
    > elses documents - could my nasty ass script do bad things to other users
    > documents ?
    >
    > whose fault would it be, the interpreter / compiler / engine of my nasty
    > ass script (which in fairness would be executing within the httpd user context),
    > httpd for executing it, or the web-host ?
    >
    > would it be soo simple as to make httpd service a request using the user-context
    > of the owner of a particular script, if that script is acl'd as root then
    > god help us all but if that script is acl'd as a particular user it couldnt
    > cause massive havoc.


    yeah, I don't understand why it isn't done that way.

    --

    Bye.
    Jasen
    jasen, Aug 7, 2006
    #6
  7. XPD

    Vista Guest

    Re: Iserve users

    "XPD" <> wrote in message
    news:...
    > Just in case anyone who uses Iserve hasnt read their email lately.....
    > Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
    > being compromised and they have had to restore from a backup meaning
    > any changes made to Iserve based sites over the past few days may no
    > longer be valid.
    >
    > Personally my own site seems ok except for missing its index.htm,
    > however I have shut it down until Iserve can let users know what the
    > outcome is after their investigation.....
    >
    > Fingers crossed they dont pull PHP support altogether because of one
    > user who dosent keep their 3rd party scripts up to date :(
    >


    More info here

    http://computerworld.co.nz/news.nsf/0/473202D62D80FD46CC2571C3000A97DF?OpenDocument
    Vista, Aug 8, 2006
    #7
  8. Re: Iserve users

    On Mon, 07 Aug 2006 14:32:17 +1200, someone purporting to be Vista didst
    scrawl:

    > "XPD" <> wrote in message

    *SNIP*
    >> Fingers crossed they dont pull PHP support altogether because of one
    >> user who dosent keep their 3rd party scripts up to date :(
    >>

    Unfortunately it's not just one user. My experience is that most users
    don't keep their scripts updated, and it's just good luck that this scale
    of intrusion hasn't happened to them before.
    iServe has shown remarkable forbearance, really, in still allowing phpBB
    and PHP-Nuke to be installed. They're both horribly insecure.

    > I would doubt they would pull it. It does make you wonder why one persons
    > website, could cause that type of damage to other peoples accounts.


    It's a limitation of the Unix permissions model, mostly. The joys of the
    ugo restrictions, and how it affects Apache, are well known to anyone
    who's run such systems for any real length of time. There are ways around
    it, but they pose other problems for administration of such a massively
    distributed architecture.

    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
    Matthew Poole, Aug 8, 2006
    #8
  9. XPD

    Vista Guest

    Re: Iserve users

    "XPD" <> wrote in message
    news:...
    > Just in case anyone who uses Iserve hasnt read their email lately.....
    > Iserve got hit by a PHP-Nuke exploit which resulted in files/pages
    > being compromised and they have had to restore from a backup meaning
    > any changes made to Iserve based sites over the past few days may no
    > longer be valid.
    >
    > Personally my own site seems ok except for missing its index.htm,
    > however I have shut it down until Iserve can let users know what the
    > outcome is after their investigation.....
    >
    > Fingers crossed they dont pull PHP support altogether because of one
    > user who dosent keep their 3rd party scripts up to date :(
    >


    Interesting followup article on Stuff.co.nz about this

    http://www.stuff.co.nz/stuff/0,2106,3762991a28,00.html
    Vista, Aug 16, 2006
    #9
  10. In message <>, XPD
    wrote:

    > Fingers crossed they dont pull PHP support altogether because of one
    > user who dosent keep their 3rd party scripts up to date :(


    Getting rid of PHP /would/ be the most cost-effective way of solving the
    problem
    <http://groups.google.co.nz/groups?selm=>. :)
    Lawrence D'Oliveiro, Aug 20, 2006
    #10
  11. Re: Iserve users

    In message <>, Matthew Poole wrote:

    > On Mon, 07 Aug 2006 14:32:17 +1200, someone purporting to be Vista didst
    > scrawl:
    >
    >> It does make you wonder why one persons
    >> website, could cause that type of damage to other peoples accounts.

    >
    > It's a limitation of the Unix permissions model, mostly. The joys of the
    > ugo restrictions, and how it affects Apache, are well known to anyone
    > who's run such systems for any real length of time.


    Apache has had the suexec feature for some years now. This is where scripts
    run as the user owning that script.

    > There are ways around
    > it, but they pose other problems for administration of such a massively
    > distributed architecture.


    Surely adding suexec to the mix means minimal additional complexity, given
    you have to maintain a set of authorized users as it is.
    Lawrence D'Oliveiro, Aug 20, 2006
    #11
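
The permission question raised in this thread (one shared httpd uid versus running each script as its owner), as an added example that is not part of any post. It models the Unix owner/group/other write check; the uids, paths and modes are constructed, and it assumes that under a shared uid anything a site must write to is world-writable.

```python
# Added illustration: models the Unix owner/group/other (ugo) write check.
# All uids, paths and modes below are constructed sample data.
from collections import namedtuple

Entry = namedtuple("Entry", "path uid gid mode")

def can_write(entry, proc_uid, proc_gids):
    """Apply ugo class selection: exactly one class is consulted."""
    if proc_uid == 0:
        return True                       # root bypasses mode bits
    if proc_uid == entry.uid:
        return bool(entry.mode & 0o200)   # owner class
    if entry.gid in proc_gids:
        return bool(entry.mode & 0o020)   # group class
    return bool(entry.mode & 0o002)       # other class

def writable_by(entries, proc_uid, proc_gids):
    return [e.path for e in entries if can_write(e, proc_uid, proc_gids)]

WWW, ALICE, BOB = 33, 1001, 1002   # hypothetical uids (gid == uid here)

# Shared-uid hosting: every site's scripts run as WWW, so anything a site
# must write to has to be world-writable.
SHARED = [
    Entry("/home/alice/www/index.php", ALICE, ALICE, 0o644),
    Entry("/home/alice/www/uploads",   ALICE, ALICE, 0o777),
    Entry("/home/bob/www/index.htm",   BOB,   BOB,   0o644),
    Entry("/home/bob/www/cache",       BOB,   BOB,   0o777),
    Entry("/home/bob/www/config.php",  BOB,   BOB,   0o666),
]

# Per-owner execution: scripts run as the account owner, so the group and
# other write bits can be cleared and owner-only write suffices.
PER_USER = [e._replace(mode=e.mode & ~0o022) for e in SHARED]

def cross_account(entries, proc_uid, proc_gids, own_prefix):
    """Paths outside own_prefix that the process can modify."""
    return [p for p in writable_by(entries, proc_uid, proc_gids)
            if not p.startswith(own_prefix)]

if __name__ == "__main__":
    # A script in alice's account, under each hosting model.
    print("shared uid:", cross_account(SHARED, WWW, {WWW}, "/home/alice/"))
    print("per-owner :", cross_account(PER_USER, ALICE, {ALICE}, "/home/alice/"))
```
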