[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)


On Friday 22 July 2005 00:14, Ulf Harnhammar wrote:
> On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> > way? What is currently possible in that respect on a machien that runs
> > ssh, apache,
>                                                                     ^^^^^^
> > php, exim and nothing else (all as of Debian 3.1)?
>   ^^^
> There are lots of insecure web applications out there. One idea could be to
> look for security advisories for web applications you use, or even audit
> them yourself.

Well, since we more or less control everything on that server, there's not 
much. TYPO3, which I trust very much (there have been professional security 
audits for major releases, search bugtraq for it - not much). And linpha, a 
photo archive one users uses. There are a few issues to be found, but more in 
the line of SQL injection. Nothing one could use to log in to the server 


This email is ROT26 encrypted, by reading it you are in violation of the
DMCA, and should turn yourself in to the authorities immediately.
                                                           (Chris Berry)

Reply to: