Mike Wright wrote:
Jacques B. wrote:
<snip />
I'm no expert on this topic. But I do know a case where the
application that was running on the web server was exploited due to a
vulnerability in that application, not in Apache or the Linux box. I
suspect that is the case more often than not. Someone compromises a
web site that is running a vulnerable application. That site happens
to be hosted on a Linux box (because let's face it, a lot of web
servers out there run on *nix).
Hi Jacques.
I think you're right on the money there. Google for phpbb and hack for
an example of your point.
There's also a huge amount of ssh password-guessing going on, and with
most distos, ssh is enabled by default on port 22. What I've seen
appears to be very carefully time-constrained as though the programs
doing it are trying large numbers of machines at once and limiting the
attempts to any single machine to avoid notice.
--
Les Mikesell
lesmikesell@xxxxxxxxx
