Hm, we have mixed results with security
regarding cPanel and CentOS (or any distribution really). It seems like anytime
there are forums involved, an insecure /tmp directory, or the default cPanel
services all left enabled, you’re headed for trouble. That’s just my opinion.

-Drew

From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Karl Balsmeier

Hi, I have servers of mixed OS, some Centos, some Fedora, and after the
flame war that erupted last week (where I said basically nothing and just
watched), my server was hacked by this team of hackers, actually their friend:

This made Karanbir's statements about mixing Cpanel and Centos (and
maybe any linux distro) come true very quickly. If one of the top package
maintainers says this, it bears weight.

I'd like to know more about this subject, specifically on the package
front, for security's sake.

Karanbir, can you restate the issues with Cpanel please? They are
trying to recommend CentOS as the OS to install on, and even that Linux Journal
article did -and before anyone else wastes their time, -let's get everything
out in the open so that there's a pipermail archive trail for future folks
'googling' for info later on pros/cons of using, or avoiding use of,
non-complementary projects/technologies.

Is the issue that both parties maintain separate packaging/updating
regimes and have little or no successful communication as far as keeping things
secure and up to date?

That seemed to be what you said, -and if I had the old email, I'd just
run with its advice.

Also, can you list the IRC channels you mentioned last time that
contain the various hackers bragging about freshly broken Cpanel/Centos
builds? Freenode right? Any others? I've been on IRC back
when BITNET was still active and there wasn't even mosaic yet, but have always
avoided it after 1992 because of hackers 'sniffing for future targets'.

William, Jim, Johnny, -any comments are truly welcome, -anyone
really.

Basically I'd like to help stop or curtail the 'open season' this
set of circumstances is creating for hackers, -I have already decided to avoid
Cpanel on Centos as it is, -my server that was hacked with Cpanel was not a
Centos box, and those that have it, have been shut down.

The server next to it was *also* hacked, and that *was* a centos
machine, with only a yum update from 3 days prior. Is it really
recommended that I run yum update every night then? It was stunning to have
a box up for 3 days and then get owned so fast.

Luckily this was for my personal business entity, and not my full-time
job, which indeed does run 50-70 Centos servers behind layers of firewalls and
other protections, and *no* commercial products, only centos packages by Dag or
Karanbir.

To anyone in the mood for scolding, please hold off OK? I'm not
in the mood for overbearing attitudes right now. I'm trying to run a
business and seek solid answers. I see Centos as a reliable alternative
to commercial offerings *if* you pay careful attention to what the senior staff
and relevant discussion groups advise.

As for the team of hackers, if anyone knows who this is, or can point
out who they might be or how to ban them, -that is also most welcome.

Hacked By Crackers_Child For Peace DONT WAR !

Greetz : X_Alperen_X, XTech Inc , Metlak, Root_Mor,Dr Hacker, Dr.Jr7
,Dr,Dermann,Code_Power,CukurOvalı ALL My Friends And All SiberSavascilar.Com Members !
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos