Menu
▾
▴
Re: [SL] SQL-Ledger vulnerability CVE-2006-4244
|
From: Luke <sl...@li...> - 2006-09-17 04:25:50
|
On Sun, 17 Sep 2006, GeorgeOsvald wrote: > I have had servers on line for the last three years. No problems so far. It > works very well for me. I asked a question some time ago during all the > commotion if anyone ever had any security breaches. So far zippo. I have had many servers on line for years as well. While I haven't, that I know of, had direct attacks against SL: almost from the week that our static IP addresses were assigned to machines, various machines have been under attack. The most common are attacks against apache (hard to prove), and definite attacks against our necessary public FTP server and name servers. I have no doubt, that it is only a matter of time before SL gets attacked. SSL does not prevent it, and we can't really block based upon IP addresses, because of mobile client users. For the same reason, it is difficult to implement any kind of htaccess authorization scheme, unless I write one that interfaces with SL's existing authorization system. It is not always possible, or reasonable, to bullet-proof a server as you claim to have done. Luke |
