<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>All I do is set permissions of what can access what & from where. The problem I have found is that if you spoof a referrer then it is possible to bypass some of the security. So, if there is more that can be done in web security I'd be interested in that.</span></div><div><span><br></span></div><div><span>It would be interesting to compare "Linux Mint Debian Edition" (LMDE) with the virgin Debian. At one time LMDE was like Debian 'Testing' but with the Mint desktop and the various drivers pre-installed etc. out of the box. Now they delay upgrades for a month to achieve more stability. I assume though, that if you are installing Debian, it will be an old stable version rather than a daily update.</span></div><div><br><span></span></div><div><span>Brian<br></span></div><div><br></div><div style="font-family: times
new roman, new york, times, serif; font-size: 12pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><font face="Arial" size="2"><hr size="1"></font><br>On Thu, Oct 6, 2011 at 7:41 AM, Alice Kærast &lt;<a ymailto="mailto:kaerast@computergentle.com" href="mailto:kaerast@computergentle.com">kaerast@computergentle.com</a>&gt; wrote:<br>><br>> It's more likely to be PHP or CGI scripts than Apache itself that has<br>> vulnerabilities. Best practice is to limit what the user running Apache can<br>> do to try and limit your risks. However, if you're running a control panel<br>> then it's going to need access to a lot of things; if you can create new<br>> users from your web control panel then so can anybody who finds a<br>> vulnerability in any PHP/CGI scripts.<br><br>+1<br><br>> There are things like mod_security for Apache which can help, but it needs<br>> lots of tuning and rule writing. Maybe you
can also limit access to the<br>> control panel by IP address and SSH/VPN in if you need remote access.<br><br>+1<br><br>> And it goes without saying that everything should be kept up to date. I've<br>> seen a number of instances recently where vulnerabilities in WordPress<br>> plugins or other PHP software have led to either malware being hosted or PHP<br>> shells being run.<br><br>+1<br><br>And subscribe to the announcement lists for Apache, PHP, Debian etc.<br><br>Robert (wondering about whether we could all meet up for a BradLUG<br>special on this in a coffee house sometime)<br><br>_______________________________________________<br>Bradford mailing list<br><a ymailto="mailto:Bradford@mailman.lug.org.uk" href="mailto:Bradford@mailman.lug.org.uk">Bradford@mailman.lug.org.uk</a><br><a href="https://mailman.lug.org.uk/mailman/listinfo/bradford"
target="_blank">https://mailman.lug.org.uk/mailman/listinfo/bradford</a><br><br><br></div></div></div></body></html>