<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p> </p>
<p> </p>
<p>But unless you highly partition your content in jails under Apache, I suppose the ransomware could attack anything apache has write privileged to modify. I don't leave static content owned by apache.apache. However there are some dynamic content directories that are. SQL connections could also be vulnerable. I suppose the same sound principles that apply toward generally securing a web server would apply to protecting data against ransomware risk.</p>
<p>-Alan</p>
<p>On 2015-11-09 09:49, Jim Kinney wrote:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<p dir="ltr">Granted, apache starts as root to claim ports 89 and 443 then drops root and runs as unprivileged apache user. It's done this by default for over a decade. Only a total noob blindly pasting commands from forums for noobs will have an all root apache. Or someone who compile apache themselves and had all the security flags wrong.</p>
<div class="gmail_quote">On Nov 9, 2015 9:37 AM, "Charles Shapiro" <<a href="mailto:hooterpincher@gmail.com">hooterpincher@gmail.com</a>> wrote:<br />
<blockquote class="gmail_quote" style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;">
<div dir="ltr">Am I reading this right? You have to be running Apache as root to be vulnerable?
<div> </div>
<div>t's worth noting that the malware requires the compromised user account on the Linux system to be an administrator; operating Web servers and Web services as administrator is generally considered poor security form, and threats like this one just reinforce why.</div>
</div>
<div class="gmail_extra"><br />
<div class="gmail_quote">On Mon, Nov 9, 2015 at 5:53 AM, Leam Hall <span><<a href="mailto:leamhall@gmail.com">leamhall@gmail.com</a>></span> wrote:<br />
<blockquote class="gmail_quote" style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;"><span><span>On 11/09/15 04:35, DJ-Pfulio wrote:<br /></span></span>
<blockquote class="gmail_quote" style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;">Linux Ransom-ware is out looking for ways to attack and encrypt your<br /> systems:<br /> <a href="https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/">https://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/</a><br /> <br /> Good news: They only want 1 bitcoin as payment.<br /> <br /> Bad news: 1 BC is about US$420 and the unlock process doesn't put<br /> everything back exactly like it was.</blockquote>
Good news; we're all now reminded to back up our files and sites. :)<span><span style="color: #888888;"><br /> <br /> Leam</span></span>
<div>
<div><br /> _______________________________________________<br /> Ale mailing list<br /> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br /> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br /> See JOBS, ANNOUNCE and SCHOOLS lists at<br /> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a></div>
</div>
</blockquote>
</div>
</div>
<br />_______________________________________________<br /> Ale mailing list<br /> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br /> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br /> See JOBS, ANNOUNCE and SCHOOLS lists at<br /> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br /> </blockquote>
</div>
<br />
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">_______________________________________________<br /> Ale mailing list<br /> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br /> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br /> See JOBS, ANNOUNCE and SCHOOLS lists at<br /> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a></div>
</blockquote>
</body></html>