<br><br>On Monday, November 9, 2015, Alan Hightower <<a href="mailto:alan@alanlee.org">alan@alanlee.org</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-size:10pt;font-family:Verdana,Geneva,sans-serif">
<p> </p>
<p> </p>
<p>But unless you highly partition your content in jails under Apache, I suppose the ransomware could attack anything apache has write privileged to modify. I don't leave static content owned by apache.apache. However there are some dynamic content directories that are. SQL connections could also be vulnerable. I suppose the same sound principles that apply toward generally securing a web server would apply to protecting data against ransomware risk.</p>
<p>-Alan</p></div></blockquote><div>Indeed. This is why systems need to be continually patched; not just every quarter or some other ridiculousness. Especially if you're exposing yourself via systems that are known to be poorly "designed" like PHP. <br></div><br><br>-- <br><div dir="ltr"><div><div dir="ltr"><div>James Sumners<br><a href="http://james.sumners.info/" target="_blank">http://james.sumners.info/</a> (technical profile)</div><div><a href="http://jrfom.com/" target="_blank">http://jrfom.com/</a> (personal site)</div><div><a href="http://haplo.bandcamp.com/" target="_blank">http://haplo.bandcamp.com/</a> (band page)</div></div></div></div><br>