[PLUG] Joe Jobbed

Ronald Chmara ron at Opus1.COM
Sat Oct 6 03:11:07 UTC 2007


On Oct 5, 2007, at 9:29 AM, alan wrote:
> On Fri, 5 Oct 2007, Rich Shepard wrote:
>> On Fri, 5 Oct 2007, Michael Rasmussen wrote:
>>> "The vast majority of the threats we saw were rootkitted Linux boxes,
>>> which was rather startling. We expected Microsoft boxes," he said.
>>   Unpatched boxes ... for whatever reason? No firewalls or IP table rules?
>> Other reasons?
> Hosting sites that do not install Yum.  (I know of at least one.)  I blame
> Plesk.

I don't.

I blame lazy distros, who don't keep on top of security (Cent,  
Debian, Ubuntu, RHEL... the whole lot of 'em are to blame).
I blame lazy admins, who think that uptime is more important than  
security upgrades (if you are running a machine a year old, maybe you  
*deserve* to be rootkit'ed).
I blame users (and admins) who don't understand that a disturbingly  
large number of "web applications" are complete and total rubbish  
(Joomla, WordPress, phpBB, phpNuke, Plesk, phpMyAdmin, cPanel... the  
list is insane) when it comes to security.

So, here's a quick survey:
Who has a web server that was running PHP 5.2.4, OpenSSL 0.9.8d,  
Apache 2.2.6, and a 2.6.22.9 kernel *before* I sent this message?
(I expect crickets, but will buy a beer (or quite a few) for anybody  
who is keeping *actually* current, rather than "distro-current"....  
Python- and Perl-centric servers can apply, but only if they are  
running the latest security-fix sources as well.)

If not, *why* not, because those *are* the latest security patches  
for those very simple, *core*, pieces of most Linux web servers?

-Ronabop


