My Saturday has been completely ruined by having to perform emergency cleanup on one of our servers due to an exploited PHP script which allowed them to upload a shell which allowed them to modify all of our PHP files in our document root.
This got me thinking - Would any harm come from using chattr +i on our entire public_html directory? We don't write any files to the document root so it seems like this could help, if not completely prevent, this problem in the future.
Or am I missing something obvious here?