Adding to what's been said so far (and if repeating, please consider it as "double emphasis" :-) I'd recommend:

1. Do not run anything not needed on the server. Make sure to look not only at the system services level but at the service level itself. E.g.: run on the web server only what you need on it. I had a server hacked through some exploit in the OpenWebMail application, revealed two weeks before the break-in. This web mail application was only tested at the time, with no plans on implementation, but I still left it on the system... If you do not need PHP, for example, remove/disable it altogether. If you do, carefully refer to security guides on the net. Yes, it's all quite time consuming.


2. You must subscribe yourself to mailing lists dealing with security issues to get advisories on time (see (1) above for the reason). The minimum is the one from your distro (every distro has one), but I wouldn't settle for this only; subscribe also to mailing lists about the services on your system (again, system-level services and more granular services like web applications and other stuff you have on this server).


Boaz.


Ori Idan wrote:
A server I managed was hacked by a Libyan hacker.
The only thing he did was change the index.html of some web sites.

The server is based on Fedora Core 2,
running:
httpd
sendmail
bind
proftp (through xinetd)
ssh

Any ideas how he could have done it?
What should I do to prevent such hacks in the future?

--
Ori Idan

