Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Hi.
On Friday 22 July 2005 00:14, Ulf Harnhammar wrote:
> On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> > way? What is currently possible in that respect on a machien that runs
> > ssh, apache,
> ^^^^^^
> > php, exim and nothing else (all as of Debian 3.1)?
> ^^^
>
> There are lots of insecure web applications out there. One idea could be to
> look for security advisories for web applications you use, or even audit
> them yourself.
Well, since we more or less control everything on that server, there's not
much. TYPO3, which I trust very much (there have been professional security
audits for major releases, search bugtraq for it - not much). And linpha, a
photo archive one users uses. There are a few issues to be found, but more in
the line of SQL injection. Nothing one could use to log in to the server
itself.
Hm.
Karsten
--
This email is ROT26 encrypted, by reading it you are in violation of the
DMCA, and should turn yourself in to the authorities immediately.
(Chris Berry)
Reply to: