httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graeme Fowler <>
Subject Re: [users@httpd] Keeping hackers out of /dev/smh
Date Wed, 16 May 2007 21:13:43 GMT
On Wed, 2007-05-16 at 13:23 -0700, Marc Perkel wrote:
> I'm somewhat sue the problem is apache related because the files that 
> end up there are owned by user apache.

All that means is that the intrusion is most likely happening via a
process running as the apache user. In the vast majority of cases that
means the intrusion is taking place via something served up by your

I'll take a punt: you have a customer with something like wordpress (or
other blog engine), phpbb or vbulletin (or some other forum
application), some sort of CMS like drupal, or something else written in
PHP which is being handled by mod_php loaded up as an Apache module.
Someone knows that's the case and is driving a bus through the holes the
application contains (or, to keep the house analogy going, they know of
a hole in your screen door that you haven't bothered to fix yet; you
lock the screen door but leave the internal one behind it on the latch.
Or something...)

[Update: you're using squirrelmail, which is written in PHP, but you are
at least up-to-date with that.]

Your problem is almost certainly not directly related to Apache.

You appear to be providing hosting as a business. You need to ensure
your customers keep their PHP applications patched and up-to-date in
order to keep your server(s) secure.

I'll say it again - your problem is almost certainly not directly
related to Apache.

There are many ways you can mitigate, but not remove, these PHP related
problems. The first is to stop running PHP as a module and take the
performance hit of running it as a CGI. That way, if you get clobbered
by an intrusion, you should know *exactly* which user (and therefore
site) caused it.

Please take the time to read up on how to do it. It's not hard.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message