[BlueOnyx:22158] Re: Drupal - ditch it!

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Fri Jun 15 02:20:17 -05 2018


Hello Michael,

I had an infected machine.
There was a customer Drupal 7.53 (2016 :/ ).
The mining server was placed in /usr/sausalito/ui/web/z-push/state/ because this folder has 777 rights.

drwxrwxrwx.  2 admserv admserv  4096 Jul 13  2016 state

Is this necessary for z-push?
Maybe the rights of the state folder can be changed to something more secure?

Best regards,
Dirk

---

blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel

-----Original Message-----
From: Blueonyx [mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Michael Stauber
Sent: Wednesday, 25 April 2018 02:30
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:21976] Re: Drupal - ditch it!

Hi all,

> Still think it's a good idea to run something on your server that has
> such a terrible track record as Drupal has? They will *NEVER* get
> security right. Not in a million years. Forget it.
>
> The vulnerability I'm talking about is this one:
>
> https://www.drupal.org/sa-core-2018-002

Speaking of that: Here is another security advisory for Drupal from
today. They are announcing a patch for the horrible security leak they
introduced while patching last month's horrible security issue:

https://www.drupal.org/psa-2018-003

\o/

-- 
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
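
An added example, not part of the thread or of BlueOnyx: a shell audit for the condition described in the message above, directories that are writable by everyone (mode 777 like `state`) and executable files sitting in them. The function names are made up for this example; the tree to check is passed as the first argument.

```shell
#!/bin/sh
# Audit a directory tree for world-writable directories and for
# executable files stored inside them (example code, hypothetical names).

# Print "open<TAB>path" for world-writable directories without the sticky
# bit (any local user can create, replace or delete entries), then
# "sticky<TAB>path" for world-writable directories that have it set
# (anyone can create files, only owners can delete or rename them).
list_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sort | while IFS= read -r d; do printf 'open\t%s\n' "$d"; done
    find "$1" -xdev -type d -perm -1002 -print 2>/dev/null |
        sort | while IFS= read -r d; do printf 'sticky\t%s\n' "$d"; done
}

# Print regular files with any execute bit that sit directly inside a
# world-writable directory under $1. Data directories normally hold no
# executables, so every hit deserves a look (owner, mtime, contents).
list_executables_in_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null |
    while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print 2>/dev/null
    done | sort
}

# Stand-alone use: sh audit.sh <directory>
if [ "$#" -ge 1 ]; then
    echo "World-writable directories under $1:"
    list_world_writable_dirs "$1"
    echo "Executable files inside them:"
    list_executables_in_writable_dirs "$1"
fi
```
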