Results 26 to 33 of 33
Thread: litespeed hacked?
-
06-13-2010, 02:23 PM #26Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
It concerns me that a similar exploit happened in the past.. the similarities are quite shocking. Makes you wonder what the previous fix was like and if this one was more solid.
http://www.milw0rm.com/exploits/4556█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor
-
06-13-2010, 02:45 PM #27Web Hosting Master
- Join Date
- Mar 2008
- Posts
- 1,717
My personal preference? Each actual user on the system having two users, one who owns the files (and can log in via SFTP or somesuch) and another to provide the context for the executable scripts. That'd give the user fine-grained control over what the website's dynamic scripts can write to (contrast to suPHP's "everything") while still providing a nice, segregated container for the scripts to run in (contrast to mod_php, one user gets owned and everything that Apache's uid has access to, the malicious code does too).
The thing you have to note about this exploit is that it is an exploit in LSWS itself - the PHP isn't even processed through LSAPI/PHP as the web server is just grabbing the file itself and then making the contents available. I didn't test, but I'd venture to say that even with 644 or 640 the exploit would still allow the grabbing of the file contents whether you're running suEXEC or not.I used to run the oldest commercial Mumble host.
-
06-13-2010, 02:46 PM #28Web Hosting Evangelist
- Join Date
- May 2009
- Location
- London, United Kingdom
- Posts
- 472
If the config file was chmod to 600 or 640(as you said above) it wouldn't work. You would get a forbidden(403) error saved instead of the real config.php
@felosi - you are right. They should have fixed it ages ago, back then when thedefaced group found that bug in the first place. I definitely gave up on LSWS now. <3 Lighttpd and nginxLast edited by KnownSRV; 06-13-2010 at 02:50 PM.
-
06-13-2010, 03:17 PM #29Web Hosting Master
- Join Date
- Mar 2008
- Posts
- 1,717
I used to run the oldest commercial Mumble host.
-
06-13-2010, 03:30 PM #30Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
-
06-13-2010, 06:07 PM #31Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
06-13-2010, 06:25 PM #32Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
The issue shouldn't have existed in the first place - it's not open source however throwing a null byte followed by an extension shouldn't be able to manipulate the web server and it's concerning that such a trivial issue even existed is concerning (not only existed, but was previously reported and patched)!
Comparing PHP to a web server is silly, a more valid example would be NGINX's recent fumble or things of that nature. We're also crossing the boundaries of open source vs. closed sourced argument, but I'd rather not go there.
The point I was making earlier was this was an issue previously (2007) and seemingly wasn't ever patched in the 4.x branch. That scares me - not the fact that there was an exploit.█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor
-
06-13-2010, 06:33 PM #33Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
I agree.
I wasn't comparing PHP and a web server - I was comparing the development of two different pieces of software. I was on my phone so admittedly I did cut my post short but the point I was making was that I've seen bugs in 5.1.X that were patched and showed up again in 5.2.X or even issues that were in 4.X.X that came back up in 5.X.X. Numerous times I've seen bugs that shouldn't have happened crop up again and again Heck I've seen a bug fixed in one minor revision for it to come back 2 or 3 minor revisions later
I agree - it is difficult to compare Open and Closed source - the only point I was trying to make is that developers are human and they're bound to make mistakes. If humans were perfect then software would be perfect and we wouldn't have these sort of issues in LSWS, PHP, or any other open or closed source software.
Have you tested every 4.x version - perhaps it was patched and then the issue re-occurred... I don't know - the thought did cross my mind to test them but I don't feel like spending the time to do it
While I do agree with you that if it was patched in one version it should have also been fixed in another but the fact of the matter is - as I have said above - we're all human and we make mistakes█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
Similar Threads
-
Paypal got Hacked or my paypal acct got hacked
By chefwong in forum Web Hosting LoungeReplies: 14Last Post: 09-23-2008, 02:48 PM -
Gmail has been hacked. Therefore Paypal and eBay have been hacked as well. HELP
By trexie in forum Web Hosting LoungeReplies: 77Last Post: 04-03-2007, 09:57 AM -
Think I've been hacked
By cfaice in forum Hosting Security and TechnologyReplies: 2Last Post: 12-02-2005, 11:12 PM -
Hacked or not?
By BooBoo in forum Dedicated ServerReplies: 1Last Post: 12-13-2002, 02:01 PM