1. run it behind a decent firewall (even pf/iptables logs should give you
some idea about who's accessing your computer and using which service)

2. don't run anything with root

3. run chrooted envs if possible

4. reinstall using a more updated system and don't install anything
you don't need, skin it down

5. configure firewall and services ACL to allow remote access (SSH) or
service level (BIND) access from known IPs/networks

6. honeypots and monitoring scripts

7. rootkits

8. IDS can come in handy to alert you on hazardous actions on the server
(snort?)

9. hide all information about application names and versions, same goes
for OS, search for OS hardening guides


On Sun, April 8, 2007 00:33, Ori Idan wrote:
> A server I managed was hacked by a Libyan hacker.
> The only thing he did was changing the index.html of some web sites.
>
>
> The server is based on Fedora Core 2
> running:
> httpd sendmail bind proftp (through xinetd) ssh
>
> Any ideas how he could have done it?
> What should I do to prevent such hacks in the future?
>
>
> --
> Ori Idan


Best regards

Baruch Shpirer
http://www.shpirer.com

Paranoids are people too, they have their own problems. It's easy to
criticize, but if everybody hated you, you'd be paranoid too.
<D. J. Hicks>
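
Points 1 and 5 of the reply above, as an added example that is not part of the original message: a Python script that summarizes iptables LOG lines by source and service and lists SSH/BIND traffic arriving from outside known networks. The sample log lines, the `KNOWN_NETS` ranges and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed for this example: management networks and the services to restrict.
KNOWN_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "10.0.0.0/8")]
RESTRICTED_PORTS = {22: "ssh", 53: "bind"}

# Constructed sample lines in the kernel-log format written by the iptables LOG target.
SAMPLE_LOG = """\
Apr  8 00:12:01 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN
Apr  8 00:12:03 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51240 DPT=22 SYN
Apr  8 00:13:10 web1 kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=60 PROTO=TCP SPT=40022 DPT=22 SYN
Apr  8 00:14:44 web1 kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=71 TTL=49 PROTO=UDP SPT=5353 DPT=53
Apr  8 00:15:02 web1 kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=33100 DPT=80 SYN
Apr  8 00:15:09 web1 kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=84 TTL=51 PROTO=ICMP TYPE=8 CODE=0
Apr  8 00:15:30 web1 sshd[812]: unrelated line without firewall fields
"""
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return (src_ip, proto, dst_port) for a LOG line, or None if it has no port info."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys():
        return None  # non-firewall line, or a protocol without ports (e.g. ICMP)
    try:
        return ipaddress.ip_address(fields["SRC"]), fields["PROTO"], int(fields["DPT"])
    except ValueError:
        return None  # malformed address or port

def summarize(log_text):
    """Count packets per (source, proto, port); separately count restricted-port hits from unknown sources."""
    hits, outsiders = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, proto, dpt = parsed
        hits[(str(src), proto, dpt)] += 1
        if dpt in RESTRICTED_PORTS and not any(src in net for net in KNOWN_NETS):
            outsiders[(str(src), RESTRICTED_PORTS[dpt])] += 1
    return hits, outsiders

if __name__ == "__main__":
    hits, outsiders = summarize(SAMPLE_LOG)
    for (src, proto, dpt), n in hits.most_common():
        print(f"{src:>15} {proto}/{dpt:<5} {n}")
    for (src, svc), n in outsiders.items():
        print(f"outside known networks: {src} -> {svc} ({n} packets)")
```
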
