[Techtalk] Re: Server was hacked into; looking for tips on how to secure it
Raven Alder
raven at oneeyedcrow.net
Tue Feb 25 20:11:01 EST 2003
Heya --
Slowly working through my mail... [grin]
Quoth jennyw (Sun, Feb 23, 2003 at 10:36:59PM -0800):
> I'm curious as to what exploits there are against the system. More info:
> Debian GNU/Linux 3.0 (Woody); I use apt-get dist-upgrade regularly to get
> security patches. Apache 1.3.26-0woody3,
http://www.apache.org/dist/httpd/Announcement.html -- looks like there
were three security vulnerabilities in 1.3.26 that were fixed in 1.3.27.
Might want to upgrade to 1.3.27 when you rebuild the box.
Out of curiosity, are you running stable, unstable, testing, or
what?
> PHP 4.1.2-6
There's definitely a DoS exploit out there for Apache 1.3.26/PHP
4.1.2 on Linux x86 (I'm assuming that's you?)
http://www.kodsweb.ru/exploits/pack2/D.o.S_exploit_for_PHP_4.2.0_4.2.1_with_Apache_1.3.26_on_Linux_x86.txt
And where there's one, there are probably others.
Patch, patch, patch. [wry grin]
Cheers,
Raven
"Yeah - they need to know the difference between AES, 3DES, and RSA before
you'll even consider sleeping with them."
-- Rick, on my selection algorithms