Re: Server hacked - next...?
> As Russell Coker points out, the attaccer probably got in trough
> apache and a vulnerable CGI script.
> When you reinstall, be sure you dont run any insecure CGI's.
> There is probably a bunch of other improvements jou can do.
DOH... I just posted saying that in my previous email before reading his
message! Bah... Russell gets credit for it ;-)
> Mount /tmp with noexec
> Run a hardened kernel like NSA or Grsecurity.
What would the advantage of mounting /tmp with noexec be??
Definitely looking into running a hardend kernel now... especially after
all this crap. Only thing that's been holding me back is the amount of
work it would entail.....