On Mon, 3 Apr 2006, David B. wrote:

> Hi, I see 3.9 is getting ready to be released.  Do you plan on bundling
> Apache2 with it?  It would seem a logical thing to do, since the Apache
> version currently bundled with it seems to have problems.
> 
> I just lost my entire development box to a hack this week, right through
> smoothwall's DMZ. I had apache up, postgresql installed with the mod_php as
> the middleware.  All settings were default and the only port I had open was 80
> through smoothwall.  I even had all packets dropped that came from Asia, South
> America and Africa.
> 
> The point being, if you sell security as your market niche, you might want to
> make sure that, at least, Apache be up to date, and not a version from 5 years
> ago where who knows how many hacks there are out there for it.
> 
> I don't mind rebuilding my development box from scratch because that's why I
> had it on the net like that anyway, simply to see how long it would take for
> someone to crash it.  It took less than a month - that's not very good from a
> default security viewpoint.
> 
> I'm assuming of course that Apache is the problem, as there are no logs or
> any way to tell what happened, but the hard drive started to make an awful
> screeching sound as the drive was apparently being forced to track the heads
> back and forth very quickly.  The drive is fine, but apache and postgresql
> won't start, and the wtmp file was erased, so that when I did a 'last' only my
> most recent login came up.
> 
> Anyway, it would be nice if Apache 2 were available for 3.9

You are very uninformed, to say it nicely. Please search the archives
for discussions of this topic.

The version of httpd we have has all the bugfixes and MUCH more. It is
not the same as the "version from 5 years ago".  Apart from that,
Apache2 won't make it into OpenBSD. 

If you install a buggy php app, then it's your problem. 


        -Otto
