On our Internet connected servers, besides using iptables to limit incoming connections, we are using TCP wrappers (hosts.allow and hosts.deny) to reject connections originating on untrusted networks.

Probably you’re already using iptables to block incoming traffic on port 22 (ssh), which is fine but what we want to do is increase security by using a more persistent method for blocking traffic. Don’t get me wrong, iptables’ rules can (and should) be made persistent but sometimes while trying new rules some key ports can be left open. Read the rest of this entry »

Running a check on Apache’s default logs (/var/log/httpd/access_log), I found attempts to exploit the server thru a “backdoor” in Horde.

I haven’t fully checked what could be done with this exploit but certainly leaving the affected script unprotected is an open invitation for trouble. Read the rest of this entry »