| 1 |
On Thu, 26 Mar 2009 22:19:13 +0200 |
| 2 |
Nikos Chantziaras <realnc@×××××.de> wrote: |
| 3 |
|
| 4 |
> Alan McKinnon wrote: |
| 5 |
> > |
| 6 |
> > You mentioned elsewhere in the thread "web server" |
| 7 |
> > |
| 8 |
> > If that's the case, I'd be telling the hosting provider that 2004 called and |
| 9 |
> > they want their minutes back. Then I'd be looking for a different hosting |
| 10 |
> > provider. |
| 11 |
> |
| 12 |
> If indeed they're running off 2004 software, I would be interested to |
| 13 |
> know how many times people are defacing (or worse) sites hosted there :P |
| 14 |
|
| 15 |
If the server itself is http-backend (with ssh forwarded, too), located |
| 16 |
in dmz, what's the big deal? |
| 17 |
|
| 18 |
You can have latest and fairly secure apache/lighttpd/nginx/whatever |
| 19 |
out there, and, provided there are no holes in your scripts, the setup |
| 20 |
should be fairly secure. |
| 21 |
And that's probably most used line-of-defence on any web, since there's |
| 22 |
nothing more important for webserver than scripts - if you have www, you |
| 23 |
pretty much have it all. |
| 24 |
|
| 25 |
-- |
| 26 |
Mike Kazantsev // fraggod.net |
Archives