Re: Server hacked - next...?

To: "Jason Lim" <maillist@jasonlim.com>, <debian-isp@lists.debian.org>
Subject: Re: Server hacked - next...?
From: Russell Coker <russell@coker.com.au>
Date: Sun, 29 Jun 2003 18:02:00 +1000
Message-id: <[🔎] 200306291802.00054.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 05d401c33e0e$075ebf60$0800a8c0@SYSTEM8>
References: <[🔎] 04ca01c33dfb$6dce7b40$0800a8c0@SYSTEM8> <[🔎] 200306291549.00472.russell@coker.com.au> <[🔎] 05d401c33e0e$075ebf60$0800a8c0@SYSTEM8>

On Sun, 29 Jun 2003 17:12, Jason Lim wrote:
> The box is a very recently updated "stable" box... virtually every other
> date apt-get is update/upgrade.
>
> The box is setup very secure... the usual things were done... like
> ensuring no unused services are running and things like that.
>
> So does that mean "stable" is actually vulnerable to something we all
> don't know about???

That could be the case.

Or it could be some issue of your configuration.  Maybe you have Apache set to 
run customer cgi-bin scripts under the same UID and a customer uploaded an 
insecure or hostile cgi-bin script.

Have you considered using SE Linux?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: Server hacked - next...?
  - From: "Jason Lim" <maillist@jasonlim.com>

References:
- Server hacked - next...?
  - From: "Jason Lim" <maillist@jasonlim.com>
- Re: Server hacked - next...?
  - From: Russell Coker <russell@coker.com.au>
- Re: Server hacked - next...?
  - From: "Jason Lim" <maillist@jasonlim.com>

Prev by Date: Re: Server hacked - next...?
Next by Date: RE: Bill Gates' ludicrous ideas to "block spam"
Previous by thread: Re: Server hacked - next...?
Next by thread: Re: Server hacked - next...?
Index(es):
- Date
- Thread