[ale] Linux Ransom-ware

Alan Hightower alan at alanlee.org
Mon Nov 9 11:09:21 EST 2015 

 

But unless you highly partition your content in jails under Apache, I
suppose the ransomware could attack anything apache has write privileged
to modify. I don't leave static content owned by apache.apache. However
there are some dynamic content directories that are. SQL connections
could also be vulnerable. I suppose the same sound principles that apply
toward generally securing a web server would apply to protecting data
against ransomware risk. 

-Alan 

On 2015-11-09 09:49, Jim Kinney wrote: 

> Granted, apache starts as root to claim ports 89 and 443 then drops root and runs as unprivileged apache user. It's done this by default for over a decade. Only a total noob blindly pasting commands from forums for noobs will have an all root apache. Or someone who compile apache themselves and had all the security flags wrong. 
> On Nov 9, 2015 9:37 AM, "Charles Shapiro" <hooterpincher at gmail.com> wrote:
> 
> Am I reading this right? You have to be running Apache as root to be vulnerable? 
> 
> t's worth noting that the malware requires the compromised user account on the Linux system to be an administrator; operating Web servers and Web services as administrator is generally considered poor security form, and threats like this one just reinforce why. 
> 
> On Mon, Nov 9, 2015 at 5:53 AM, Leam Hall <leamhall at gmail.com> wrote:
> On 11/09/15 04:35, DJ-Pfulio wrote:
> Linux Ransom-ware is out looking for ways to attack and encrypt your
> systems:
> https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/ [1]
> 
> Good news: They only want 1 bitcoin as payment.
> 
> Bad news: 1 BC is about US$420 and the unlock process doesn't put
> everything back exactly like it was. Good news; we're all now reminded to back up our files and sites. :)
> 
> Leam 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale [2]
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo [3]

_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale [2]
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo [3]

_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale [2]
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo [3] 

Links:
------
[1]
https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/
[2] http://mail.ale.org/mailman/listinfo/ale
[3] http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20151109/813d001d/attachment.html>

More information about the Ale mailing list