On Fri, September 26, 2014 8:32 pm, Always Learning wrote:
>
> On Fri, 2014-09-26 at 16:05 -0700, John R Pierce wrote:
>
>> no. mod_cgi launches /bin/sh and passes it the command, even if the
>> file doesn't exist. and /bin/sh is linked to bash
>
> Don't use cgi. Have no /cgi directory. Don't load mod_cgi
>
> Bash is patched (updated to new version). Automatically bloke IPs of
> anyone trying to hack Apache. Am I safe ?
>
You are. But if you run the server you do want to serve what you want to
serve. Now, imagine hotel, everybody in it is behind a single router. One
person has hacked machine that tried to tap into your server. You block
the IP, therefore everyone in Hotel... Now do you want to serve it? If not
why to start Apache at all? However, my case is different. If servers of
our Departments don't serve anything [we need] to everybody, they do not
need me, sysadmin, desktop support guy will be more suitable (and probably
less expensive).
Just my $0.02
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
