Security – Are zipped EXE files harmless for Linux servers

anti-virusmalwareSecurity

I ran a malware scanner on my site, and it marked a bunch of zipped EXE files as potential risk files (these files got uploaded by users).
Since I'm able to uncompress the files on my Mac I assume these are real ZIP files and not just something like renamed PHP files.

So the ZIP file shouldn't be any risk for my web server, right?

Best Answer

If they are indeed zipped Windows exe files, they should be harmless to your Linux system, unless you have something like Wine in place that could try to execute them.

But if they are in your web path, they could be malware and pose a big risk for your web sites' visitors (and you in turn, if you end up being marked as malware source and users get ugly warnings when they try to visit your site).

Related Solutions

Php – Got Hacked. Want to understand how

First of all chmod 744 its NOT what you want. The point of chmod is to revoke access to other accounts on the system. Chmod 700 is far more secure than chmod 744. However Apache only needs the execute bit to run your php application.

chmod 500 -R /your/webroot/

chown www-data:www-data -R /your/webroot/

www-data is commonly used as Apache's account which is used to execute the php. You could also run this command to see the user account:

`<?php
print system("whoami");
?>`

FTP is horribly insecure and it's very likely that you were hacked from this method. Using FTP you can make files writable, and then infect them again. Make sure you run an anti-virus on all machines with FTP access. There are viruses that sniff the local traffic for FTP user-names and passwords and then login and infect the files. If you care about security you'll use SFTP, which encrypts everything. Sending source code and passwords over the wire in clear text is total madness.

Another possibility is that you are using an old library or application. Visit the software vendor's site and make sure you are running the latest version.

Security – Our security auditor is an idiot. How to give him the information he wants

First, DON'T capitulate. He is not only an idiot but DANGEROUSLY wrong. In fact, releasing this information would violate the PCI standard (which is what I'm assuming the audit is for since it's a payment processor) along with every other standard out there and just plain common sense. It would also expose your company to all sorts of liabilities.

The next thing I would do is send an email to your boss saying he needs to get corporate counsel involved to determine the legal exposure the company would be facing by proceeding with this action.

This last bit is up to you, but I would contact VISA with this information and get his PCI auditor status pulled.

Best Answer

Related Solutions

Php – Got Hacked. Want to understand how

Security – Our security auditor is an idiot. How to give him the information he wants

Related Topic