> -----Original Message----- > Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? > Oh hell.... > > Basically, audit every app out there you plan to use - the > people who write these web applications often don't take > security into consideration before they upload them to their > server for your consumption. > > Ditto ditto ditto. And it is wise, although very time consuming, to look at all programs loaded onto your centos too. Mysql comes with a number of ways to get full access unless you go right in and change localhost/localdomain user/pass and delete the two extra accounts... And that is just one. Rarely, rarely, do I see a application built from security first as far as web apps. Dang scary. If you are using a popular program an exploit will be done automatically to every site that has it. Since each install uses the same pages basically, it is easy for a autobot to find them all and zero day your forums, xss your whatever, and so on. Dang scary to leave JS on at all....even though you basically have too.