[ILUG] XMLRPC
Jason Corcoran
jason at jcorcoran.net
Wed Dec 13 09:22:11 GMT 2006
On Tue, Dec 12, 2006 at 11:25:58AM -0800, Rick Moen wrote:
> As others have suggested in their answers to your question, you will
> have a very major security concern, as PHP in general and the PHPXMLRPC
> and PEAR XMLRPC libs in particular have had... issues.
>
> "PHP" on http://linuxmafia.com/kb/Security has some pointers.
> http://linuxmafia.com/~rick/faq/index.php?page=virus#virus5 details
> one past security debacle involving those libs: the Lupper worm of Nov.
> 2005.
>
> If it turns out that your distro lacks maintained packages for those
> libs, and you end up extracting it from some third-party source, then
> please be aware that you'll need to attentively track and fix security
> issues for that software manually. (Lupper illustrates what happens
> when you don't, on that and any other locally-installed Web software.)
Thanks to Rick et al.
It is a ClarkConnect firewall box that I am looking to run the script on. Having had a look at the security issues and the fact that the web site is not mission critical (I have my MX record pointing to a dynamic DNS site with the usual <hostname>.<ourdomain>.org type entry), I might just keep updating it by hand and see if I can clobber a Perl script to update the DNS service (xname.org).
Thanks.
Jason.
--
Jason.
Fortune :
the daemons! the daemons! the terrible daemons!