Comment Re:Uh-huh, riiiiiiiiight... (Score 3, Interesting) 386
There was an exploit for mambo some time ago, sql injection i believe, perhaps several others also, so mambo is a likely culprit.
One cannot say it was PHP directly that got the machine compromised. It was an exploit in a script written in PHP.
A box isn't going to get compromised if PHP was installed alone on the box without any scripts (at least it's very very unlikely).
Is C the direct cause of your box owned when their is an exploit in say, proftpd for example?
I mean, I could also say...
"yeah, you'd have to be mad to run sendmail on a box you don't want to get owned"
"yeah, you'd have to be mad to run proftpd on a box you don't want to get owned"
"yeah, you'd have to be mad to run bind on a box you don't want to get owned"
"yeah, you'd have to be mad to run a linux kernel on a box you don't want to get owned"
These applications have all had their problems in the past, maybe some still have problems, but overall
they get fixed when new exploits/bugs are discovered.
I'm not quite sure why, but a lot of people/webmasters/admins do not check for updates to the 3rd party php scripts
they have installed, they just install them once and leave them running... Then they wonder why their box was compromised
due to them running out of date software.
You wouldn't leave your windows machine unpatched and never check for updates, would you?
One cannot say it was PHP directly that got the machine compromised. It was an exploit in a script written in PHP.
A box isn't going to get compromised if PHP was installed alone on the box without any scripts (at least it's very very unlikely).
Is C the direct cause of your box owned when their is an exploit in say, proftpd for example?
I mean, I could also say...
"yeah, you'd have to be mad to run sendmail on a box you don't want to get owned"
"yeah, you'd have to be mad to run proftpd on a box you don't want to get owned"
"yeah, you'd have to be mad to run bind on a box you don't want to get owned"
"yeah, you'd have to be mad to run a linux kernel on a box you don't want to get owned"
These applications have all had their problems in the past, maybe some still have problems, but overall
they get fixed when new exploits/bugs are discovered.
I'm not quite sure why, but a lot of people/webmasters/admins do not check for updates to the 3rd party php scripts
they have installed, they just install them once and leave them running... Then they wonder why their box was compromised
due to them running out of date software.
You wouldn't leave your windows machine unpatched and never check for updates, would you?
