On Fri, September 26, 2014 8:32 pm, Always Learning wrote: > > On Fri, 2014-09-26 at 16:05 -0700, John R Pierce wrote: > >> no. mod_cgi launches /bin/sh and passes it the command, even if the >> file doesn't exist. and /bin/sh is linked to bash > > Don't use cgi. Have no /cgi directory. Don't load mod_cgi > > Bash is patched (updated to new version). Automatically bloke IPs of > anyone trying to hack Apache. Am I safe ? > You are. But if you run the server you do want to serve what you want to serve. Now, imagine hotel, everybody in it is behind a single router. One person has hacked machine that tried to tap into your server. You block the IP, therefore everyone in Hotel... Now do you want to serve it? If not why to start Apache at all? However, my case is different. If servers of our Departments don't serve anything [we need] to everybody, they do not need me, sysadmin, desktop support guy will be more suitable (and probably less expensive). Just my $0.02 Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++