Hello, If you know good documentation/Web pages about Security of Debian system and especially Web server, and how to set them right on Debian Box, please send me a note. Below is yet another story of hacker attack, which you may just ignore. Sorry if it is not exactly Debian issue.
Thank you, Sasha. -------------- ONE MORE STORY ABOUT HACKERS ATTACK -------------------------- Well it may be true that there really is a hacker contest these days. Here is the story: couple of days ago hacker broke into our SGI system, managed to get root password but was noticed very quickly (like 20 minutes). Did not do any harm to our knowledge. We are academic institution, and there is really not much of interest. Our system administrator was swearting for 3 day to figure out that he/she broke through WWW server using security hole in CGI module to steal vital file which they used to break in. It turned out that it was me who convince A to install this CGI module, which apparently I did not compile with all security knobs turned on in my laziness. Well the module is erased and good chunk of my pages that I was so proud of are gone. Right now System administrator is extremely concerned and I have very little chances to convince him to put my pages back. So perhaps I'll put them on my Debian box, but now (welcome to hell) I need to manage WWW security there. SPECIFIC QUESTIONS: 1. Is Apache WWW server considered reasonably secure? 2. I used CGI module for WWW interface to MySQL database, any recommendations for good-free-secure one? 3. We know when the hacker tried to login, and from where, (from AOL for example) Are there any friendly communities on the Web to contact to try to chase him down? (But I'm not sure it's worth the effort). Any thoughts about what bad things this hacker could possibly leave and we need to remove? Thanks again, Sasha. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
