CentOS - Aug 2006 - OT WAS: Johnny's postfix/dovecot/squirrelmail/virus scanning+ Centos4 Walk Through...

> 
> This website say "hacked..."
> 
> Please i seafch a lot for a guide with these products... if 
> anyone have 
> the guide, please put the url or something like...
> 
> Thanks a lot.
OK, I'll bite. I'm aware of how annoying it is to have someone peering
over your shoulder when you are in the middle of a crisis asking
questions, but I'm curious what it is that is making johnny's site so
vulnerable. Is it forum software? I hope it's not a hack against a
package in the base...
Anyway, just wondering because I have user's complaining about the fact
that I don't have their forum up and running. They may have to wait for
a long time.

Alex

On Wed, 2006-08-16 at 09:25 -0500, Alex Palenschat
wrote:
> > 
> > This website say "hacked..."
> > 
> > Please i seafch a lot for a guide with these products... if 
> > anyone have 
> > the guide, please put the url or something like...
> > 
> > Thanks a lot.
> 
> OK, I'll bite. I'm aware of how annoying it is to have someone
peering
> over your shoulder when you are in the middle of a crisis asking
> questions, but I'm curious what it is that is making johnny's site
so
> vulnerable. Is it forum software? I hope it's not a hack against a
> package in the base...
> Anyway, just wondering because I have user's complaining about the fact
> that I don't have their forum up and running. They may have to wait for
> a long time.
> 
> Alex
2 things ...

1.  I am hosed on a shared server with many other users.  I have the
latest patches and such for my CMS software, but this is a cpanel server
(no comments on cpanel security from me)

2.  I have some secret admirers who keep scanning my site and are
purposely hacking me.  Such is life when you are a OS devel, most normal
people wont get this volume of hack scripts tried against their site.

Anyway ... I will continue to harden the site and plug the holes the
best I can.  I'm sure my admirers will continue to try their f'ing hack
tools ... so we shall see how it goes.

Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.centos.org/pipermail/centos/attachments/20060816/f02c9df0/attachment-0002.sig>

> Anyway ... I will continue to harden the site and plug the holes the
> best I can.  I'm sure my admirers will continue to try their f'ing
hack
> tools ... so we shall see how it goes.
>
> Thanks,
> Johnny Hughes
>   
And we'll look forward for the new HOWTO on server security when you get 
it all figured out

;-)

-Ben