Posted Feb 15, 2007 2:47 UTC (Thu) by zlynx
Parent article: Linux botnets
SELinux can help here. PHP applications should not be making outgoing network requests.
If SELinux is too difficult, iptables can filter away outgoing traffic as well. Not enough people put outgoing blocks on their firewalls.
A server farm / rack provider might also run IDS like Snort. See if you can get them to copy you on IDS alerts related to your IPs.
And for crying out loud, don't use your login password for your application's SQL account, helpfully listed in a plain text PHP include.
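An added example, not part of the comment above: one way to write the outgoing block with iptables is to confine it to the account the web server runs as, so PHP code cannot open new outbound connections. The chain name `WEB_EGRESS`, the account name and the allow-listed database address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that rejects new outbound
# connections made by the web server account. The account name and the
# IP:PORT allow-list are supplied by the caller (assumed values).

egress_rules() {
    web_user=$1
    [ -n "$web_user" ] || { echo "usage: egress_rules USER [IP:PORT ...]" >&2; return 2; }
    shift

    # Rough shape check before anything is printed. Hostnames are refused on
    # purpose: a rule should not depend on DNS at load time.
    for dest in "$@"; do
        case $dest in
            *[!0-9.:]*|*:*:*|:*|*:) echo "bad destination: $dest" >&2; return 2 ;;
            *.*.*.*:*) ;;
            *) echo "bad destination: $dest" >&2; return 2 ;;
        esac
    done

    echo '*filter'
    echo ':WEB_EGRESS - [0:0]'
    # Only packets generated locally by the web server account enter the chain.
    echo "-A OUTPUT -m owner --uid-owner $web_user -j WEB_EGRESS"
    # Replies on connections that clients opened to the server stay allowed.
    echo '-A WEB_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A WEB_EGRESS -o lo -j ACCEPT'
    for dest in "$@"; do
        echo "-A WEB_EGRESS -p tcp -d ${dest%:*} --dport ${dest#*:} -j ACCEPT"
    done
    # Log (rate limited), then reject, anything else the account sends.
    echo '-A WEB_EGRESS -m limit --limit 6/min -j LOG --log-prefix "web-egress-drop: "'
    echo '-A WEB_EGRESS -j REJECT'
    echo 'COMMIT'
}

# Constructed usage: egress_rules www-data 10.0.0.5:3306
```

Piping the output to `iptables-restore --noflush` as root adds the chain without flushing the rest of the filter table. The `web-egress-drop:` log lines are a local signal that a web application attempted an outbound connection.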