[Seaside] Deployment question: Anyone using modSecurity (or equiv) to ensure hackers keep out of Seaside?

Rick Flower rickf at ca-flower.com
Mon Feb 16 17:21:22 UTC 2009


I had an issue over the weekend with my main server which is used as my
Seaside front end.. The issue was not related to Seaside at all but was
related to me having an instance of RoundCube sitting in my htdocs directory
for Apache.. Needless to say there was a security issue with the version of
the code I had and someone took advantage of it to run a Perl script (via a
script/PHP vulnerability) that started sending spam out and sucking up 100%
of one of the 4 CPUs on the box..

This manifested itself in that our ISP shut down our connection and our
systems stopped responding to Internet traffic.  In poking around I found
that our Unix server was constantly hammering our router which seemed very
odd.  Anyway, I obviously found the culprit and have since ensured it would
not be hit again.

So.. In reviewing the issue involved with this it appears that something
like ModSecurity (see links below) and rules from GotRoot.com might help
prevent this sort of thing from happening and was curious if anyone running
Seaside/Apache combinations has gone down this path to ensure naughty things
don't get passed into Seaside if possible.. Obviously I realize that PHP !=
Smalltalk and that exploits could be different but I'd like to reduce the
chances as best I can.

Just to be fair & clear, I've got no interest or relation to either of the
two organizations below.. I've not even used their stuff yet.. I just
want to see if anyone else has gone down this path to ensure your Seaside
apps are not being hit for tasks they're not designed for...

Links:

http://www.modsecurity.org/
http://www.gotroot.com/



