Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

To: debian-security@lists.debian.org
Subject: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
From: Paolo Pedaletti <paolo.pedaletti@unimib.it>
Date: Fri, 22 Jul 2005 11:13:28 +0200
Message-id: <[🔎] 20050722091328.GB9057@localdomain>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20050721205149.GA12897@northernsecurity.net>
References: <[🔎] 200507212017.39013.Karsten@k-fish.de> <[🔎] 20050721205149.GA12897@northernsecurity.net>

ciao Thomas Sjögren,

> . Better passwords

like using libpam-cracklib and dcredit,ucredit,lcredit,ocredit options

and...

- send syslog (better syslog-ng) entries to a log-server

- chroot LAMP

- run nessus against the server

- run snort on server

- ... (what else?)

If he had enough time, he could put your LAMP-server beyond a transparent 
forwarding-server and log everything.

HTH

-- 
/* Paolo Pedaletti,

Reply to:

References:
- Help needed - server hacked twice in three days (and I don't think I'm a newbie)
  - From: Karsten Dambekalns <Karsten@k-fish.de>
- Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
  - From: Thomas Sjögren <thomas@northernsecurity.net>

Prev by Date: Re: last -t lists all entries in wtmp
Next by Date: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Previous by thread: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Next by thread: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Index(es):
- Date
- Thread