Phishing - Linux boxes are vulnerable

Chris racerx at
Thu Oct 4 23:16:47 UTC 2007

On Fri, 5 Oct 2007 08:48:25 +1000 (EST)
Res <res at> wrote:

> 6. use a respected server OS, one that doesn't hack the f#ck out of
>    programs like RH(CentOS) do

Umm - I hate to toss a monkey wrench into the mix, but if you really
want a reliable SERVER OS, my choices would be OpenBSD, NetBSD or

> 6a. use modern current packages of apache2, php5 and MySQL, Sendmail
> etc from the respective sites, and not by use of RPMs because it's too
> "vendor altered" which is where 90% of the security issues come
> into it.

Modern, most current isn't always the best way to go either.  You need
to be a little savvy.

> 7. ban use of any but most current version of phpnuke (ban totally if
> you can) and those frickin image gallery programs.

Read up number 6a.

> 8. use a decent detection system


> 9. use something like MailScanner with spamassassin and a good
> anti-virus on your mail server to minimise the exploit opening in the
> first place

While MailScanner is very good - you need to know your MTA also.
(Unless things have changed) MailScanner and Postfix were a no-no.

> 10. follow same rules as you would on winblow$, no running stuff you
> don't know what it is, no clicking on links in messages you don't know the
> sender, it's all basic sense :)


Best regards,
Registered Linux user number 448639
