> As Russell Coker points out, the attaccer probably got in trough > apache and a vulnerable CGI script. > When you reinstall, be sure you dont run any insecure CGI's. > There is probably a bunch of other improvements jou can do.
DOH... I just posted saying that in my previous email before reading his message! Bah... Russell gets credit for it ;-) > > Mount /tmp with noexec > Run a hardened kernel like NSA or Grsecurity. > etc. > What would the advantage of mounting /tmp with noexec be?? Definitely looking into running a hardend kernel now... especially after all this crap. Only thing that's been holding me back is the amount of work it would entail.....
