Re: Server hacked - next...?

To: <debian-isp@lists.debian.org>, "Frode Haugsgjerd" <froh@froh.dyndns.org>
Subject: Re: Server hacked - next...?
From: "Jason Lim" <maillist@jasonlim.com>
Date: Tue, 1 Jul 2003 10:07:01 +0800
Message-id: <[🔎] 001301c33f75$761fe0b0$0800a8c0@SYSTEM8>
Reply-to: "Jason Lim" <maillist@jasonlim.com>
References: <Pine.LNX.4.43.0306290156100.10730-100000@blackhole.quasar.net> <[🔎] 05d501c33e0e$2ac03650$0800a8c0@SYSTEM8> <[🔎] 20030629104805.GE14343@sjefen.linux.cxm>

> As Russell Coker points out, the attaccer probably  got in trough
> apache and a vulnerable CGI script.
> When you reinstall, be sure you dont run any insecure CGI's.
> There is probably a bunch of other improvements jou can do.


DOH... I just posted saying that in my previous email before reading his
message! Bah... Russell gets credit for it ;-)

>
> Mount /tmp with noexec
> Run a hardened kernel like NSA or Grsecurity.
> etc.
>

What would the advantage of mounting /tmp with noexec be??

Definitely looking into running a hardend kernel now... especially after
all this crap. Only thing that's been holding me back is the amount of
work it would entail.....

Reply to:

References:
- Re: Server hacked - next...?
  - From: "Jason Lim" <maillist@jasonlim.com>
- Re: Server hacked - next...?
  - From: Frode Haugsgjerd <froh@froh.dyndns.org>

Prev by Date: Re: Server hacked - next...?
Next by Date: Re: Woody Stable and Kernel 2.4.21
Previous by thread: Re: Server hacked - next...?
Next by thread: Re: Server hacked - next...?
Index(es):
- Date
- Thread