On Sat, 10 Nov 2001, N Jagadish wrote:
> i am having serious security problems in a
> installation i have done which is a mail and
> web (proxy also) server for an organisation.
>
> The system is a Compaq server with RH7.0 and
> apache running. pranksters seem to get in
> thru' some bug in Apache 1.3.12, httpd.conf,
> get root access and run IRC bouncers PsynBNC,
> eggdrop and bring the machine to DoS !
>
> i have taken care to disable most of unwanted
> utilities thru tcp wrappers, setting up hosts
> .allow, hosts.deny and not running some daemons
>
> any info in this regard is most welcome
Upgrade or disable Apache?
Latest 1.3.x series Apache is 1.3.22, or go to version 2 - currently at
2.0.16 {_very_ beta - use at your own risk}.
DaZZa
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
