When I first started using Red Hat Linux 8.0 I was reading through the Red Hat Linux Security Guide and it said to always shut down Apache when logged in as root to prevent hackers from coming in through the web server. I've always done it because the Security Guid said to, but never really understood why. How would hackers come in through the web server? I realize that they could telnet in, but wouldn't they have to log in as a user? What exactly would happen? Can anyone tell me how this would be accomplished? It's annoying having to stop Apache when I log in to work on the system and then starting it again when I log out...
