 |
boardom b2 message board
|
Author |
Message |
Mister44

Joined: 31 Oct 2002 Posts: 237 Location: Philadelphia, PA, USA
|
Posted: Wed Jun 04, 2003 12:47 pm Post subject: |
|
|
LjUpdate has actually not been vulnerable for quite some time. Unfortunately, all my requests to have the distro on SourceForge either updated or removed have been ignored. |
|
|
 |
allusion
Joined: 16 Jun 2002 Posts: 73 Location: Houston
|
Posted: Sun Jun 08, 2003 12:12 am Post subject: |
|
|
Mister44, I just removed the one there. Send me an updated version and I'll put it up.
_________________
Matthew Mullenweg
Wordpress |
|
|
 |
Mister44

Joined: 31 Oct 2002 Posts: 237 Location: Philadelphia, PA, USA
|
Posted: Sun Jun 08, 2003 1:38 am Post subject: |
|
|
Backporting code from YABBOB is going to take a while. Is there any way to put a pointer to the DevBlog up in place of the download link? (I know nothing about SourceForge's backend, so forgive me if it is a dumb question.) |
|
|
 |
kayjay
Joined: 06 Mar 2003 Posts: 4 Location: Sydney, Australia
|
Posted: Sun Jun 08, 2003 5:55 am Post subject: System security. |
|
|
Hi,
I just thought I might throw my 2 cents in here in regards to raising the bar against hackers.
Setting up Apache + MySQL in a chroot environment is not difficult, and it can seriously reduce the amount of damage to your systems if/when you are compromised, i.e., keeping the applications and their data away from the system binaries and libraries.
I have written a document on chrooting MySQL here: http://www.wiretapped.net/~kj/chroot-mysql-freebsd.txt
If you decide that it is too much work for you(!), or it just doesn't fit your needs, I would also recommend running an operating system which is hardened, such as OpenBSD (which is easy to install, configure, and add applications such as PHP + b2 + MySQL; Apache comes in the default install), as it really is a great product and the track record and the development team's approach to security is next to none.
Because at the end of the day, you're only as strong as the operating system your applications are running on. Most if not all Linux distributions are designed with functionality in mind, not security, and they require quite a bit of work to lock down and harden against remote attacks. In the case of web-based application compromises, you need to lock the local machine down so that privs aren't elevated if they do get a shell or are able to execute commands on your host.
Anyways, just my 2 cents in regards to some of the advisories I've seen out for b2. Not all my suggestions would have solved or provided a solution to the issues in this thread, but at the end of the day, it's all about raising the bar against attackers.
all the best,
./kayjay |
|
|
 |
allusion
Joined: 16 Jun 2002 Posts: 73 Location: Houston
|
Posted: Mon Jun 09, 2003 6:48 pm Post subject: |
|
|
Nope, you can only have downloads in that section.
_________________
Matthew Mullenweg
Wordpress |
|
|
 |
|
|
|