[Cadre-politics] political considerations of safe mode for php

Dan MacNeil dan at thecsl.org
Fri May 5 23:53:35 EDT 2006


The poor sap below is in the unhappy situation of either shutting down 
his customers or SPAMMING the world and getting blacklisted. One of his 
50 customers has an insecure php script that is being compromised for 
the sake of SPAM and he is finding it hard to find the script.

By operating in a locked down mode, we've not been able to easily run 
stuff like Drupal and Gallery.

Except for one brief incident, we've also avoided the beating that this 
guy is taking. Though to be fair, this is as much luck as it is care.

...Just thought I'd expose the group to political discussions that so 
far have taken place only between 2-3 people.




######
-------- Original Message --------
Subject: apache: what site is sending email from www-data
Resent-Date: Fri,  5 May 2006 17:18:07 -0500 (CDT)
Resent-From: debian-isp at lists.debian.org
Date: Fri, 05 May 2006 15:18:05 -0700
From: jack <lists at qnorth.net>
To: debian-isp at lists.debian.org

I've had this sort of thing happen a few times, and I'm wondering if
anyone knows any way to figure it out, or prevent it:

You have, say, 50 websites running on your webserver (mostly PHP, some
cgi). You start to notice your webserver is sending out a HUGE amount of
email (which is spam). Looking at any of the messages in the mail queue,
you notice all the messages are coming from www-data at host.mydomain.tld,
so I know they are coming from apache, but what site is it coming from!?!

I've been curious about running PHP under fastcgi w/apache2 with
FastCGIsuEXEC enabled for each site. From what I understand, doing this
would make the example I gave before send out mail from
(UID-SET)@host.mydomain.tld (rather than www-data) which would do
exactly as I'd want.

What's your experience with this sort of thing? Any suggestions?

Thanks...
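
The attribution problem in the forwarded question, as an added example that is not part of either message: it tallies the envelope sender (Return-Path) of queued messages and shows that a shared www-data account cannot be traced to a site while per-site accounts can. The queue contents and the account names site03, site17 and site21 are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

SHARED_ACCOUNTS = {"www-data"}  # the account every site shares in the post

def sample_msg(account, n):
    # Constructed sample message; addresses and subjects are made up.
    return (f"Return-Path: <{account}@host.mydomain.tld>\n"
            f"From: \"Offers\" <promo{n}@example.com>\n"
            f"Subject: sample {n}\n\nbody\n")

# Constructed queues: every site running as www-data, then the same flood
# with hypothetical per-site accounts of the kind a per-site UID would give.
SHARED_QUEUE = [sample_msg("www-data", n) for n in range(40)]
PER_SITE_QUEUE = ([sample_msg("site17", n) for n in range(37)]
                  + [sample_msg("site03", 1), sample_msg("site21", 2),
                     sample_msg("site03", 3)])

def envelope_account(raw):
    """Local part of Return-Path; From: is ignored because the script sets it."""
    header = message_from_string(raw).get("Return-Path", "")
    addr = parseaddr(header)[1]
    return addr.split("@", 1)[0].lower() if "@" in addr else None

def attribute(queue, min_share=0.5):
    """Return (counts, suspects); suspects own more than min_share of the queue."""
    counts = Counter(a for a in map(envelope_account, queue) if a)
    total = sum(counts.values())
    suspects = [a for a, c in counts.most_common()
                if c / total > min_share and a not in SHARED_ACCOUNTS]
    return counts, suspects

if __name__ == "__main__":
    for name, queue in (("shared www-data", SHARED_QUEUE),
                        ("per-site UIDs", PER_SITE_QUEUE)):
        counts, suspects = attribute(queue)
        print(name, dict(counts), "->", suspects or "cannot attribute")
```

This only helps if the MTA derives the envelope sender from the UID that invoked it and does not let the script override it.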

