[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Server hacked - next...?

> As Russell Coker points out, the attaccer probably  got in trough
> apache and a vulnerable CGI script.
> When you reinstall, be sure you dont run any insecure CGI's.
> There is probably a bunch of other improvements jou can do.

DOH... I just posted saying that in my previous email before reading his
message! Bah... Russell gets credit for it ;-)

> Mount /tmp with noexec
> Run a hardened kernel like NSA or Grsecurity.
> etc.

What would the advantage of mounting /tmp with noexec be??

Definitely looking into running a hardend kernel now... especially after
all this crap. Only thing that's been holding me back is the amount of
work it would entail.....

Reply to: