On Thu, 2005-12-15 at 23:51 +0200, Dotan Cohen wrote: > You mention that this is not so important for http as it is with ssh. > Is this because apache is harder to compromise, or because if it is > compromised it is less dangereous? Most of the 'attacks' I get in my > apache log files are windows exploits. That will have something to do with it, but I'd hazard a guess along the following lines: Breaking into your SSH server allows them to do anything that you can do at the CLI. Breaking into a secure web server only allows them to do whatever exploits can be done to the webserver. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
