There appears to be an exploit in the wild which is automating the Cacti Command execution and SQL Injection Vulnerability [see Secunia alert 23528]. Via this exploit, any server running an older version of Cacti from before December 28th.

Of course it’s always best to keep your software up to date. Other tricks to keep your system secure:

  • Do not use default directories. Instead of /cacti/, use /somethingcacti/. This will foil any scripts that locate installations by server IP and default path (scripts can still find them via a search engine).
  • Run Apache with mod_security. It will try to catch SQL injection and remote command execution.
  • Mount your temporary directory (usually /tmp) with the noexec option. This will prevent any script kiddies who are able to exploit a vulnerability from running other programs from the /tmp directory that PHP usually dumps things to.
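
To verify the noexec tip, here is an added example (not part of the original post) that reads a /proc/mounts-format table and reports whether the mount holding a directory carries noexec. The sample table, the /tmp/sess_dir and /var/tmp paths, and the function names are constructed for illustration; /var/tmp shows a directory that is not a separate mount and so inherits the options of "/".

```shell
#!/bin/sh
# Added example: is the filesystem holding a directory mounted noexec?

# Print "<mountpoint> <options>" for the mount that holds directory $1.
# $2 is the mounts file (default /proc/mounts). The longest matching mount
# point wins; on a tie the later line wins, since it shadows the earlier one.
mount_for() {
    awk -v dir="$1" '
        {
            mp = $2
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $4 }
            }
        }
        END { if (best == "") exit 1; print best }
    ' "${2:-/proc/mounts}"
}

# Return 0 if the mount holding $1 has option $3 (default noexec),
# 1 if it does not, 2 if no mount could be matched.
has_mount_opt() {
    entry=$(mount_for "$1" "$2") || return 2
    case ",${entry#* }," in
        *",${3:-noexec},"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one status line per directory; return 1 if any allows execution.
audit_dirs() {
    mounts=$1; shift; rc=0
    for d in "$@"; do
        if has_mount_opt "$d" "$mounts"; then
            echo "OK   $d (mount: $(mount_for "$d" "$mounts"))"
        else
            echo "WARN $d is not noexec (mount: $(mount_for "$d" "$mounts"))"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: /tmp is a hardened tmpfs, /var/tmp is just part of "/".
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
audit_dirs "$sample" /tmp /tmp/sess_dir /var/tmp || echo "at least one directory allows execution"
```

On a live system, call `audit_dirs /proc/mounts /tmp` with whatever directory PHP is configured to write to.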

Let me know if you have any other tips like these!
