httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Lavitt <...@lavitt.net>
Subject Re: [users@httpd] Keeping hackers out of /dev/smh
Date Wed, 16 May 2007 20:16:09 GMT
Joshua Slive wrote:

> On 5/16/07, Marc Perkel <marc@perkel.com> wrote:
>
>> I was hoping for a more specific answer. If I could have done that I
>> wouldn't be here asking how to do it.
>
>
> Well, your original question was a little like "There's some money
> missing from my dresser drawer; how do I stop that from happening?" We
> told you to make sure no robbers get into your house. You then asked
> us how to do that.
>
> Well, given we know nothing about your house, there is nothing we can
> tell you that wouldn't be trivial: go check the doors to see if they
> are locked, check for any broken glass around the windows, and make
> sure you don't give the key to anyone untrustworthy.
>
> Translating that into apache-speak: check your logs for anything
> unusual, check all the dynamic content (php/cgi/etc) for possible
> vulnerabilities, and make sure that your OS, apache, and scripts are
> all up-to-date on security patches.
>
> If you want more specific help, you'll need to ask a non-trivial 
> question.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
Also consider other services, such as FTP servers, SSH, SCP, etc. etc. etc.

Apache very well may not be to blame, and in my experience, outside of a 
hole opened by a script in a site, it is quite secure.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message