Re: Server hacked - next...?
On Sun, 29 Jun 2003 17:12, Jason Lim wrote:
> The box is a very recently updated "stable" box... virtually every other
> date apt-get is update/upgrade.
>
> The box is setup very secure... the usual things were done... like
> ensuring no unused services are running and things like that.
>
> So does that mean "stable" is actually vulnerable to something we all
> don't know about???
That could be the case.
Or it could be some issue of your configuration. Maybe you have Apache set to
run customer cgi-bin scripts under the same UID and a customer uploaded an
insecure or hostile cgi-bin script.
Have you considered using SE Linux?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: