hello all. what exactly has to be done to secure apache ssl on a 8.1 ? my config apache 1.3.26 mod_php 4.2.2 openssl 0.9.6g it seems as if some guys are able to drop and execute scripts via apache, and let them execute. the last one executed locally, but got caught by iptables, while trying to open local ports and create a connections to a remote host on the following ports : DPT=4045 DPT=3306 DPT=682 DPT=2620 DPT=662 DPT=277 DPT=400 DPT=1422 DPT=638 DPT=1462 DPT=555 DPT=1377 DPT=386 DPT=2003 DPT=2034 DPT=498 DPT=766 DPT=680 DPT=1532 DPT=1000 DPT=1349 DPT=803 DPT=335 DPT=1234 DPT=1427 DPT=7326 DPT=612 DPT=129 DPT=395 DPT=798 the next run, it used a different local port, and used the ports mentioned above the other way around. any ideas ?? -----Ursprüngliche Nachricht----- Von: Peter Wiersig [mailto:wiersig-ml@dns.glamus.de] Gesendet: Freitag, 30. Mai 2003 12:38 An: suse-security@suse.com Betreff: Re: [suse-security] iptables error Rodel Collado Urani wrote:
ip_tables.o: init_module: Device or resource busy
Check with "lsmod" if a module named "ipchains" is loaded. If so, unload it with "rmmod ipchains" and try again. Peter -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here