I feel obligated to add, that I to see a dozen or so attempts to put hack my web servers, all of which do fail.
They fail for the following reasons:
1) I check the user list almost every day looking for new users that i didn't add.
2) I change the passwords of users that appear to be administrative. Sometimes people at the OS shop leave passwords blank or set the same as the username. It doesn't slow down root one bit using these accounts so with the acception of bin and adm, I set passwords.
3) I'm constant monitoring the access_log, the error_log,/var/log/messages,/var/log/maillog for suspicious stuff. I've turned up the logging level on everything, including iptables to the max I can tolerate looking at.
4) When I see the work of script kiddies i block via iptables. They key is access attempts that don't look like search engines. They try and run scripts like hostform.cgi without running the web page that loads that script. See next note.
5) Don't use common names for cgi scripts. The spammers that were bothering you before just picked common names like hostform.cgi and ran then, looking for standard names with fieldnames that can accommodate a few hundred email addersses.
Summary:
1) User accounts
2) Sendmail security
3) apache security(chroot pita, still working on that).
4) Eyeball patrol scanning the logs.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
