On Thu, 2008-04-17 at 14:01 +1000, Michael Chesterton wrote:
On 17/04/2008, at 6:09 AM, Rick Phillips wrote:
1 possible successful probes
/long_path_to_file/../../../etc/passwd HTTP Response 200
With the environment (described above) in place, should I be worried or
since you've professed a renewed confidence, this may be quite moot, but you
can always look at mod_security which will, amongst other things, stop the
directory traversal attacks which you have been suffering from.
Here's an article you may be interested in
I run my own web server and have done so for a number of years. The OS
is Mandriva Server 3 which is now 3 years old but still supported and I
keep it fully patched and up to date. I receive the security advisories
and act within hours on those. I have recently updated OpenSSH. I am planning
Sounds like you are being very thorough in your security.
If you want to add another layer of defense, you can change your
Apache config to forbid download of the passwd file.
If your /etc/passwd file was really downloaded, it is conceivable a
password could be cracked, but you limit connections
On Thu, 2008-04-17 at 12:00 +1000, [EMAIL PROTECTED] wrote:
I run my own web server and have done so for a number of years. The OS
is Mandriva Server 3 which is now 3 years old but still supported and I
keep it fully patched and up to date. I receive
On Thu, 2008-04-17 at 12:00 +1000, [EMAIL PROTECTED] wrote:
Sounds like you are being very thorough in your security.
If you want to add another layer of defense, you can change your
Apache config to forbid download of the passwd file.
jam wrote:
In all the years no one has ever tried my non-standard ssh port!
Ditto. I use non-standard ssh/scp ports on all machines I
maintain. Works a treat.
The reason: I was getting hammered on port 22
and snort told me all about it.
cheers
rickw
--
On 17/04/2008, at 6:09 AM, Rick Phillips wrote:
1 possible successful probes
/long_path_to_file/../../../etc/passwd HTTP Response 200
With the environment (described above) in place, should I be worried or
should I be confident that I have taken every precaution I can take? I