Introduction
The most common way systems are compromised are through web applications. An excellent example of this is phpBB. Users install phpBB on your shared web server. It works, so they leave it. 6 months later, 3 exploits that allow code execution are found in phpBB but the user on your shared web server isn’t concerned with security. You get an email from the feds telling you your server has been taking part in a DDoS.
If you’ve ever seen such an exploit, they usual create a botnet and search for other vulnerable applications on other servers and compromise [continued…]