-----Original Message-----
Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
Basically, audit every app out there you plan to use - the people who write these web applications often don't take security into consideration before they upload them to their server for your consumption.
Ditto ditto ditto. And it is wise, although very time consuming, to look at all programs loaded onto your centos too. Mysql comes with a number of ways to get full access unless you go right in and change localhost/localdomain user/pass and delete the two extra accounts...
And that is just one.
Rarely, rarely, do I see a application built from security first as far as web apps. Dang scary. If you are using a popular program an exploit will be done automatically to every site that has it. Since each install uses the same pages basically, it is easy for a autobot to find them all and zero day your forums, xss your whatever, and so on.
Dang scary to leave JS on at all....even though you basically have too.