Anybody getting ssh bruce force attacks?
Dustin Runnells
dustin at runnells.name
Sun Nov 20 21:03:14 MST 2005
Dustin Runnells wrote:
> if (crypt($password,"ab") == "myCryptedPassword") {
Sorry to reply to my own post, but now that i look at it, that if should
probably actually check if $error has anything. And assuming register
globals is off:
$PHP_SELF = $_SERVER["PHP_SELF"];
$password = $_POST["password"];
should be in there somewhere.
On the bad scale, how bad is it to have iptables in sudoers for the
apache user anyway?
--
Dustin Runnells
dustin at runnells.name
More information about the lfs-security
mailing list