Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



 

> -----Original Message-----

> Subject: Re:  Centos 5.3 -> Apache - Under Attack ? 
> Oh hell....


> 
> Basically, audit every app out there you plan to use - the 
> people who write these web applications often don't take 
> security into consideration before they upload them to their 
> server for your consumption.
> 
> 

Ditto ditto ditto.
And it is wise, although very time consuming, to look at all programs loaded
onto your centos too.
Mysql comes with a number of ways to get full access unless you go right in
and change localhost/localdomain user/pass and delete the two extra
accounts...

And that is just one.

Rarely, rarely, do I see a application built from security first as far as
web apps. Dang scary.
If you are using a popular program an exploit will be done automatically to
every site that has it.
Since each install uses the same pages basically, it is easy for a autobot
to find them all and zero day your forums, xss your whatever, and so on.

Dang scary to leave JS on at all....even though you basically have too.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux