[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Bob Hoffman bob at bobhoffman.com
Wed Jun 3 20:32:43 UTC 2009


 

> -----Original Message-----

> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? 
> Oh hell....


> 
> Basically, audit every app out there you plan to use - the 
> people who write these web applications often don't take 
> security into consideration before they upload them to their 
> server for your consumption.
> 
> 

Ditto ditto ditto.
And it is wise, although very time consuming, to look at all programs loaded
onto your CentOS too.
MySQL comes with a number of ways to get full access unless you go right in
and change localhost/localdomain user/pass and delete the two extra
accounts...

And that is just one.

Rarely, rarely, do I see an application built from security first as far as
web apps. Dang scary.
If you are using a popular program, an exploit will be done automatically to
every site that has it.
Since each install uses the same pages basically, it is easy for an autobot
to find them all and zero day your forums, xss your whatever, and so on.

Dang scary to leave JS on at all....even though you basically have to.
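
Added example, not part of the original post: one way to carry out the MySQL cleanup mentioned above from the `mysql` client as root. It assumes the MySQL 5.0-era grant tables, where `mysql.user` has a `Password` column (newer releases store the hash in `authentication_string` instead), and it reads "the two extra accounts" as the anonymous accounts a stock install creates; `CHANGE_ME` is a placeholder.

```sql
-- 1. Audit: list every account that has no password or no user name.
--    On a fresh install this typically shows root rows for localhost and
--    for the machine's host name, plus anonymous ('') rows for the same hosts.
SELECT User, Host,
       IF(Password = '', 'EMPTY', 'set') AS password_state
FROM   mysql.user
WHERE  User = '' OR Password = ''
ORDER  BY User, Host;

-- 2. Give every root row a password, not only root@localhost.
--    Rows such as root@localhost.localdomain are separate accounts and
--    stay passwordless if only one row is changed.
UPDATE mysql.user
SET    Password = PASSWORD('CHANGE_ME')   -- placeholder, pick a real secret
WHERE  User = 'root';

-- 3. Delete the anonymous accounts (empty user name).
DELETE FROM mysql.user
WHERE  User = '';

-- 4. Reload the grant tables so the direct table edits take effect.
FLUSH PRIVILEGES;

-- 5. Verify: this must now return zero rows.
SELECT User, Host
FROM   mysql.user
WHERE  User = '' OR Password = '';
```

Run step 1 first and read the output before changing anything, since application accounts with empty passwords will also show up there and need their own passwords set.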



