[Techtalk] Server was hacked into; looking for tips on how to secure it
Carla Schroder
carla at bratgrrl.com
Mon Feb 24 00:20:09 EST 2003
On Sunday 23 February 2003 10:36 pm, jennyw wrote:
>
> About Postfix being configured for an open relay -- it wasn't.
by default it is not.
. I don't think there are known exploits against
> BIND 9, although there were against BIND 8.
Feh on BIND in any form.
http://www.isc.org/products/BIND/bind-security.html, for one example.
You're much better off using djbdns. I cannot say if it BIND had anything to
do with your system getting cracked, but why risk it.
>
> But since many processes were running as www-data, I think they got in
> through the Web site. I'll research more ways of running Apache, but I'm
> in a difficult position since I had several sites on the server for other
> people and I'd like to get it up as soon as possible. Maybe there's a way
> to run Apache in a chroot jail or something? Of course, I barely
> understand what that term means.
>
There's all kinds of great books and articles on Apache. It's quite
secure-able, I don't know about using a chroot jail. Postfix runs happily
inside a chroot jail.
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.7 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Techtalk
mailing list