[nSLUG] apache used to generate spam

D G Teed donald.teed at gmail.com
Mon Jun 8 10:24:41 ADT 2009


On Mon, Jun 8, 2009 at 12:03 AM, Hatem Nassrat<hnassrat at gmail.com> wrote:

> I have installed apache and PHP (unfortunately many things are done
> with php these days) and I found something strange, my server
> signature looked weird.
>
>    Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
> Server at localhost Port 80
>
> I decided to see what's this "Suhosin-Patch" that I have installed and
> I was shocked. Somebody actually cared to try to fix some of the
> security holes in php. If this patch was installed the above attack
> would have never happened.

Cool.  Thanks for sharing that tidbit.  Debian 5's php module and CLI have this
patch as well.  Unfortunately, the latest Red Hat 5.3 does not.  According
to a Red Hat bug report, Fedora is getting it via a php plugin.

There is a how-to for CentOS and Red Hat to add it as an extension:

http://www.cyberciti.biz/faq/rhel-linux-install-suhosin-php-protection/

I'm finding it funny lately that Debian, with the old reputation of being behind
the times, is showing itself to be more advanced than Red Hat with issues
such as these.

--Donald


