[BlueOnyx:13977] Re: Spam Attack Vector

Michael Stauber mstauber at blueonyx.it
Sun Nov 3 21:34:24 -05 2013


Hi Rodrigo,

> Add apache to the file /etc/cron.deny so apache won't be allowed to use cron.
> Even if an attacker is able to obtain a valid user from your system

That is actually a pretty good suggestion.

I think we should take this a bit further, though. If your site in
question had used suPHP, the attacker would have been able to set a
cronjob as the "web owner" user for that site instead.

So a better approach would be:

Create /etc/cron.allow and put this in it:

root

Root will always be able to create cronjobs, regardless of whether he is
listed in /etc/cron.allow or not. However: if /etc/cron.allow exists, nobody
but root and the accounts listed in /etc/cron.allow can create cronjobs.
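
As an added illustration (not part of this post or of BlueOnyx itself), here is a small POSIX shell function that applies the cron.allow/cron.deny rules described above to a constructed directory, so it shows why a cron.deny entry for apache alone does not stop a suPHP "web owner" account while an allow-list does. The branch for "neither file exists" assumes every user is allowed; that default differs between distributions, so check your own cron daemon.

```shell
#!/bin/sh
# Added example: evaluate whether USER may use crontab according to the
# cron.allow / cron.deny files in DIR. DIR is a constructed test directory
# so the script never touches the real /etc.
# Assumption: if neither file exists, everyone is allowed (varies by distro).

# cron_allowed DIR USER -> prints "allow" or "deny", returns 0 or 1
cron_allowed() {
    dir=$1
    user=$2
    # root can always create cronjobs, whatever the files say
    if [ "$user" = root ]; then
        echo allow; return 0
    fi
    if [ -f "$dir/cron.allow" ]; then
        # cron.allow exists: only the accounts listed there are permitted
        if grep -qxF -- "$user" "$dir/cron.allow"; then
            echo allow; return 0
        fi
        echo deny; return 1
    fi
    if [ -f "$dir/cron.deny" ]; then
        # no cron.allow: everyone except the listed accounts is permitted
        if grep -qxF -- "$user" "$dir/cron.deny"; then
            echo deny; return 1
        fi
    fi
    echo allow; return 0
}

# Constructed layout: first the deny-only setup, then the allow-list setup
demo_dir=$(mktemp -d)
printf 'apache\n' > "$demo_dir/cron.deny"
echo "deny-only:  apache   -> $(cron_allowed "$demo_dir" apache)"     # deny
echo "deny-only:  webowner -> $(cron_allowed "$demo_dir" webowner)"   # allow: suPHP gap
printf 'root\n' > "$demo_dir/cron.allow"
echo "allow-list: webowner -> $(cron_allowed "$demo_dir" webowner)"   # deny
echo "allow-list: apache   -> $(cron_allowed "$demo_dir" apache)"     # deny
echo "allow-list: root     -> $(cron_allowed "$demo_dir" root)"       # allow
rm -rf "$demo_dir"
```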

-- 
With best regards

Michael Stauber

