On 12/16/05, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: > On Thu, 2005-12-15 at 23:51 +0200, Dotan Cohen wrote: > > You mention that this is not so important for http as it is with ssh. > > Is this because apache is harder to compromise, or because if it is > > compromised it is less dangereous? Most of the 'attacks' I get in my > > apache log files are windows exploits. > > That will have something to do with it, but I'd hazard a guess along the > following lines: Breaking into your SSH server allows them to do > anything that you can do at the CLI. Breaking into a secure web server > only allows them to do whatever exploits can be done to the webserver. > I suppose that if I'm not running anything other that my own self-brewed php scripts (and assuming that they are secure), that there is nothing exraordinary to worry about with apache- so I have decided to leave it on port 80. Apache is used on millions of webservers, so I guess that I have little to be paranoid about if all those sysadmins with years of experience are comfprtable running it! As for securing my own scripts, that is a different subject. Maybe I wil dig through the php-general archives on that one. Thanks. Dotan http://technology-sleuth.com/index.php ק
