
Re: possible apache flaw ?



I am the one in charge of most PHP on our site. It has nothing to do with
the security in php scripts as even the most insecure script would not make
apache segfault and "give" someone a shell. I didn't get the chance to
portscan the server and see if it really binds a shell to some port because
of pf having very restrictive rules but that would explain the idling (user
'www' logged in for 10 minutes idling before I kill the process).
I will disable pf in a few hours and see if I can get more info but for now
all I can do is constantly auditing logs in search of weird things.

veins
-- bofh at kheos.net && skreel.org - bofh, the choice of a degenerated administration.
'One day, a duck named Harry said to a female duck: laugh, duck! And the duck laughed.'



> On Monday, March 11, 2002 3:00 PM (in Japan) veins warned:
>
> > yes, everything is up to date, this is what scares me...
>
> Who's writing the php on your site? Could it have anything to do with this:
>
> http://www.fokus.gmd.de/linux/HOWTO/Secure-Programs-HOWTO/php.html
>
> Joel Rees
> Alps Giken Kansai Systems Development
> Suita, Osaka