[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
Bob Hoffman
bob at bobhoffman.comWed Jun 3 20:32:43 UTC 2009
- Previous message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> -----Original Message----- > Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? > Oh hell.... > > Basically, audit every app out there you plan to use - the > people who write these web applications often don't take > security into consideration before they upload them to their > server for your consumption. > > Ditto ditto ditto. And it is wise, although very time consuming, to look at all programs loaded onto your centos too. Mysql comes with a number of ways to get full access unless you go right in and change localhost/localdomain user/pass and delete the two extra accounts... And that is just one. Rarely, rarely, do I see a application built from security first as far as web apps. Dang scary. If you are using a popular program an exploit will be done automatically to every site that has it. Since each install uses the same pages basically, it is easy for a autobot to find them all and zero day your forums, xss your whatever, and so on. Dang scary to leave JS on at all....even though you basically have too.
- Previous message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list