Re: (c 5.6) Running 2 versions of Apache ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon, Aug 29, 2011 at 4:17 PM, Always Learning <centos@xxxxxxxxxxx> wrote:
>> That means he's not very good at it yet.  The ones you need to worry
>> about will send quick exploit tests cycling through different
>> destinations, that if they succeed will post to a central receiver.
>> Then later, likely from a different location, it will send the one
>> that attempts to escalate access to root and/or establish a connection
>> back for central control.  The point here being that an IP block
>> probably won't help much against an exploit that works well enough to
>> establish a distributed base.
>
> Thank you for this.
>
> If I can establish an effective block for wrong HTTP requests in
> IPtables for incoming port 80 traffic, back-upped by my Apache routine
> adding IPs to IPtables or .htacesss file and having screwed down access
> and egress for all other traffic, the only other enhancement I need is
> SELinux ?

It's always hard to guess what the next successful exploit might be.
With web servers they tend to be URLs that can be misparsed (by apache
or application level code) into arbitrary commands which may or may
not be combined with writing files somewhere and then trying to
execute them.  You  can avoid a lot of the problems by making sure
that apache can't write anywhere that is mounted with execute
capability.

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux