[nycbug-talk] Searching for suspect PHP files...

Marc Spitzer mspitzer at gmail.com
Tue Mar 10 23:51:09 EDT 2009

On Tue, Mar 10, 2009 at 6:35 PM, Matt Juszczak <matt at atopia.net> wrote:
>> Just a handy tip...
> Good pieces of advice.  At this point, I'm implemneting mtree for my new
> server deployments, but I still wish there was a way to somehow check if
> my FreeBSD 6.3-RELEASE machine has been compromised.

Well if it really is keeping you up at night you can do the following:
1: reinstall the box from cds, feel free to make your own if you want
2: only install binaries that you have already check sumed on your system
3: set up a nms station and monitor all your traffic
4: host based IDS
5: rewrite all your php code in something safer, say haskel.
5: learn all the things you don't know yet to do all of the above

This is a huge investment in time that does not advance the bussiness


accept the fact that that you may have a problem down the road and get
on with your day.  Security is like insurance, its not how much I want
its how much do I want to pay for.

This does not mean you do not take reasonable precautions to minamize
your risk, ie mtree, dir tree in temp, runing apache/web in a zone and
the list goes on.  But befor you start down the security rabbit hole
set up a budget X dollars or Y hours for setup/training and Z hours
for monitoring daily/weekly.  Then do as much security as you can



Freedom is nothing but a chance to be better.
Albert Camus

More information about the talk mailing list