On Tue, Dec 12, 2006 at 11:25:58AM -0800, Rick Moen wrote:
> As others have suggested in their answers to your question, you will
> have a very major security concern, as PHP in general and the PHPXMLRPC
> and PEAR XMLRPC libs in particular have had... issues.
>> "PHP" on http://linuxmafia.com/kb/Security has some pointers.
>http://linuxmafia.com/~rick/faq/index.php?page=virus#virus5 details
> one past security debacle involving those libs: the Lupper worm of Nov.
> 2005.
>> If it turns out that your distro lacks maintained packages for those
> libs, and you end up extracting it from some third-party source, then
> please be aware that you'll need to attentively track and fix security
> issues for that software manually. (Lupper illustrates what happens
> when you don't, on that and any other locally-installed Web software.)
Thanks to Rick et al.
It is a clarkconnet firewall box that I am looking to run the script on. Having a look at the security issues and the fact that the web site is not mission critical (I have my mx record pointing to a dynamic dns site with the usaual <hostname>.<ourdomain>.org type entry.) I might just keep updating it by hand and see if I can clobber a perl script to update the dns service (xname.org).
Thanks.
Jason.
--
Jason.
Fortune :
the daemons! the daemons! the terrible daemons!
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
