1 |
On Thu, 26 Mar 2009 22:19:13 +0200 |
2 |
Nikos Chantziaras <realnc@×××××.de> wrote: |
3 |
|
4 |
> Alan McKinnon wrote: |
5 |
> > |
6 |
> > You mentioned elsewhere in the thread "web server" |
7 |
> > |
8 |
> > If that's the case, I'd be telling the hosting provider that 2004 called and |
9 |
> > they want their minutes back. Then I'd be looking for a different hosting |
10 |
> > provider. |
11 |
> |
12 |
> If indeed they're running off 2004 software, I would be interested to |
13 |
> know how many times people are defacing (or worse) sites hosted there :P |
14 |
|
15 |
If the server itself is http-backend (with ssh forwarded, too), located |
16 |
in dmz, what's the big deal? |
17 |
|
18 |
You can have latest and fairly secure apache/lighttpd/nginx/whatever |
19 |
out there, and, provided there are no holes in your scripts, the setup |
20 |
should be fairly secure. |
21 |
And that's probably most used line-of-defence on any web, since there's |
22 |
nothing more important for webserver than scripts - if you have www, you |
23 |
pretty much have it all. |
24 |
|
25 |
-- |
26 |
Mike Kazantsev // fraggod.net |