On Fri, 5 Oct 2007 08:48:25 +1000 (EST)
Res <res@xxxxxxxxxx> wrote:

> 6. use a respected server OS, one that doesn't hack the f#ck out of
> programs like RH(CentOS) do

Umm - I hate to toss a monkey wrench into the mix, but if you really want a reliable SERVER OS, my choices would be OpenBSD, NetBSD or FreeBSD

>
> 6a. use modern current packages of apache2, php5 and MySQL,Sendmail
> etc from the respective sites, and not by use of RPM's because it's too
> "vendor altered" which is where 90% of the security issues come
> into it.

Modern, most current isn't always the best way to go either. You need to be a little savvy.

> 7. ban use of any but most current version of phpnuke (ban totally if
> you can) and those frickin image gallery programs.

Read up number 6a.

> 8. use a decent detection system

Agreed

> 9. use something like MailScanner with spamassassin and a good
> anti-virus on your mail server to minimise the exploit opening in the
> first place

While Mailscanner is very good - you need to know your MTA also. (unless things have changed) Mailscanner and Postfix was a no-no.

> 10, follow same rules as you would on winblow$, no running stuff you
> don't know what it is, no clicking on links in mesgs you don't know the
> sender, it's all basic sense :)

*nod*

--
Best regards,
Chris

Registered Linux user number 448639