Use md5 passwords and require longer passwd next time !?! First of all, there are "lots" of tweaks to secure debian in http://www.debian.org/doc/manuals/securing-debian-howto/ I haven't read all of this thread here, but if it's only a LAMP system, I would clone it building a new machine secure from the start (using the above reference), copying and verifying piece by piece all config elements, and finally copy the web data and migrate from the original to the clone. Once hacked, it is too hard to say if the machine is surely secured to keep it in production IMHO. ++
-----Message d'origine----- De : Paolo Pedaletti [mailto:[EMAIL PROTECTED] Envoyé : vendredi 22 juillet 2005 11:32 À : [email protected] Objet : Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie) ciao Thomas Sjögren, > . Better passwords like using libpam-cracklib and dcredit,ucredit,lcredit,ocredit options and... - send syslog (better syslog-ng) entries to a log-server - chroot LAMP - run nessus against the server - run snort on server - ... (what else?) If he had enough time, he could put your LAMP-server beyond a transparent forwarding-server and log everything. HTH -- /* Paolo Pedaletti, -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
