Very nice stuff is published here
https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-Mayhem
Basically it means the attacker can upload any source code to your web site and execute it using LD_PRELOAD when normal exec calling. Means you can see, f.ex. host command running, but instead of host you are joining the bot net.
As we run php from suexec daemon, do you know if there is any way to disable LD_PRELOAD at all?
https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-Mayhem
Basically it means the attacker can upload any source code to your web site and execute it using LD_PRELOAD when normal exec calling. Means you can see, f.ex. host command running, but instead of host you are joining the bot net.
As we run php from suexec daemon, do you know if there is any way to disable LD_PRELOAD at all?