[Techtalk] Re: Server was hacked into; looking for tips on how to secure it

Raven Alder raven at oneeyedcrow.net
Tue Feb 25 20:11:01 EST 2003

Heya --

	Slowly working through my mail... [grin]

Quoth jennyw (Sun, Feb 23, 2003 at 10:36:59PM -0800):
> I'm curious as to what exploits there are against the system. More info:
> Debian GNU/Linux 3.0 (Woody); I use apt-get dist-upgrade regularly to get
> securtiy patches.  Apache 1.3.26-0woody3,

http://www.apache.org/dist/httpd/Announcement.html -- looks like there
were three security vulnerabilities in 1.3.26 that were fixed in 1.3.27.
Might want to upgrade to 1.3.27 when you rebuild the box.

	Out of curiosity, are you running stable, unstable, testing, or

> PHP 4.1.2-6

	There's definitely a DoS exploit out there for Apache 1.3.26/PHP
4.1.2 on Linux x86 (I'm assuming that's you?)


And where there's one, there are probably others.

	Patch, patch, patch.  [wry grin]


"Yeah - they need to know the difference between AES, 3DES, and RSA before
 you'll even consider sleeping with them."
 -- Rick, on my selection algorithms

More information about the Techtalk mailing list