Re: [Security-Discuss] Apache2 mod_proxy and 9.2(.1)

From: Vincent Danen (vdanenmandrakesoft.com)
Date: Tue Aug 10 2004 - 10:30:14 CDT


On Aug 10, 2004, at 7:56 AM, bobnleaudio.com wrote:

> Hello People,
>
> Here is what appears to me to be another real problem.
>
> In -all- of my 9.2 or 9.2.1 boxes that have apache2 installed,
> mod_proxy
> is enabled. I never specifically enabled this. I only discovered it
> when one of my boxes (on a RR line) started generating huge amounts of
> traffic, as a spammer had found the proxy, and was using it to do his
> dirty work.
>
> If the default install of Apache2 isn't enabling this, then there must
> be some other RPM that is. Any ideas?

The apache2-mod_proxy rpm?

You have it installed which means, as far as the system is concerned,
you want it enabled. I don't particularly agree with that methodology,
but that's what we have. I.e., if you install a service, such as postfix
or ucd-snmp or something, you must want it starting right away, and
it's enabled. I believe the same is true with apache modules.

For apache modules, php modules, etc. I'm a little more forgiving. If
you have it installed, you likely do want to use it. It's a little
different than "install service xyz, start xyz by default", which
really irks me.

Either comment it out or remove the apache2-mod_proxy rpm. At some
point you installed it.

--
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}

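One way to check whether mod_proxy is still active after the "comment it out" step, as an added example that is not part of the original message. It goes slightly beyond the thread by also flagging `ProxyRequests On` and a `<Proxy>` section that admits all clients (Apache 2.0-style `Allow from all`); the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report active mod_proxy
# settings in Apache 2 configuration text.

# audit_proxy_conf [FILE]: reads FILE (or stdin), prints one finding per
# line as "LINE: message", and returns 1 if anything was found.
audit_proxy_conf() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out directives are inert
        /^[ \t]*$/ { next }                  # skip blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]+/)
            d = tolower(f[1])                # directive names are case-insensitive
        }
        d == "loadmodule" && f[2] ~ /^proxy_/ {
            printf "%d: %s is loaded\n", NR, f[2]; found = 1
        }
        d == "proxyrequests" && tolower(f[2]) == "on" {
            printf "%d: ProxyRequests On (forward proxying enabled)\n", NR; found = 1
        }
        d == "<proxy"   { in_proxy = 1 }
        d == "</proxy>" { in_proxy = 0 }
        in_proxy && d == "allow" && tolower(f[2] " " f[3]) == "from all" {
            printf "%d: <Proxy> section allows all clients\n", NR; found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample configuration (illustrative, not taken from a real system).
sample_conf() {
    cat <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
<IfModule mod_proxy.c>
    ProxyRequests On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</IfModule>
EOF
}

sample_conf | audit_proxy_conf || echo "review the findings above"
```

Run it against each file your Apache build actually includes; whether the package is present at all is answered by `rpm -q apache2-mod_proxy`.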