Hello Petter
The actual list for security issues is debian-security. The address of this
list its
on the CC. We can now leave debian-user and switch our discussion into
debian-security.
This is quite hole! Can't believe there's such a big spot in Apache / Sarge and
we
didn't heard of it. Can
Hi
I'm not completely new to Debian or Linux, but I wouldn't classify
myself as a battlescarred sysadmin just yet :)
Anyways. My problem is security-related, and I hope that I'm posting to
the correct list as well as hoping that someone can help me out here.
Recently I've noticed that my
Please keep the posts in the debian-security list only!
I apologize. It happens because I did cross post in both lists in the first
place.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tue, Mar 07, 2006 at 12:37:42PM +0100, Ismail wrote:
Recently I've noticed that my Apache-installation gets violated and that
an intruder somehow manages to put stuff in /tmp and /var/tmp. Then it
makes Apache execute these. Unfortunately these are some rather nasty
things, mostly
This one time, at band camp, Josep Serrano said:
Hello Petter
We still don't know for what do you use your apache. Most of the problems
come from
poor PHP scripts. What scripts/services are you running in this server?
I strongly suggest this as the source of your problems. In my
At 1141730613, Petter Senften wrote:
Recently I've noticed that my Apache-installation gets
violated and that an intruder somehow manages to put stuff
in /tmp and /var/tmp. Then it makes Apache execute these.
Do you have mod_cgi installed and activated? If you are not
using it, disable it.
I had a similar encounter about 2 months ago. The intruder exploited a
PHP script that was poorly written. If you check your http access logs,
you will most likely find an entry about the PHP that is been exploited.
Once you find the offending PHP script, you can either remove it or
add
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de
Moritz Muehlenhoff
Envoyé : mardi 7 mars 2006 14:21
À : debian-security-announce@lists.debian.org
Objet : [SECURITY] [DSA 987-1] New tar packages fix arbitrary code execution
-BEGIN PGP SIGNED
Am 2006-02-27 15:31:20, schrieb martin f krafft:
also sprach Michelle Konzack [EMAIL PROTECTED] [2006.02.25.2036 +0100]:
debian-security is allready mirrored by some servers including
ftp://ftp.de.debian.org/debian-security/
You are not really supposed to use those as they are
9 matches
Mail list logo