Re: Advice needed, trying to find the vulnerable code on Debian webserver.
On Tue, 15 Jun 2004, Ross Tsolakidis wrote: I'd appreciate some help on how to stop this from happening. Run something like aide so you can detect when it goes wrong (though there are some caveats it does not sound like they will hit you) and run a netflow-collector next to it, if you can. That way you can easily discover where it is coming from and why. Doesn't the logging on your loghost show anything? Jan -- /~\ The ASCII / Jan Meijer \ / Ribbon Campaign-- --SURFnet bv X Against HTML/ http://www.surfnet.nl/organisatie/jm/ / \ Email http://cert-nl.surfnet.nl/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Multiple SSL Virtualhosts on Apache 1.3
The trick is to use the same Certificate for every Virtualhost, which will of course generate a warning on browsers, due to certificate not matching most of the sites names. But it does work. I disagree ;). It works in your eyes but the user will only see the warning pop-up. That will generate questions. Not good. Since I read several at several places on the Web that it was not possible to build several HTTPS VirtualHosts on the same IP/Port, I'd like to add this to the discussion. Your comments will be appreciated. Did you check this tidbit? http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 Jan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Multiple SSL Virtualhosts on Apache 1.3
The trick is to use the same Certificate for every Virtualhost, which will of course generate a warning on browsers, due to certificate not matching most of the sites names. But it does work. I disagree ;). It works in your eyes but the user will only see the warning pop-up. That will generate questions. Not good. Since I read several at several places on the Web that it was not possible to build several HTTPS VirtualHosts on the same IP/Port, I'd like to add this to the discussion. Your comments will be appreciated. Did you check this tidbit? http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 Jan