| |
On December 23, 2004 the Santy Worm attacked the web. It is estimated that Santy defaced millions of web pages on over 500,000 website in less than 3 days.
The Santy Worm gained access to servers through a PHP vulnerability. But PHP pages were not the only files that were defaced. On Apache servers that were not running suExec, all files that could be written to by content management systems, bulletin boards, wysiwyg editors, or database processes were also defaced.
The Perl, PHP and Apache communities have recommended running suExec for years. With EditWrx suExec is no longer an option - it is a requirement.
|
|
