Re: [cobalt-security] Raq4 BIND ok ? What about a htaccess folder ?

["Stephen Rice" <support@xxxxxxxxxxxxxxxxxxxxxx>]

ICDServers wrote...
>I have installed all available updates
>on this raq including the BIND update on the RAQ 4 download page.
>Can anyone tell me if this will be sufficient for now or do i need to add
>more updates ?

As always, it pays to be vigilant, basically make sure you keep up to date
with bugs and vulnerabilities as they emerge - see, for example, CERT,
BugTraq, SecurityFocus.com.

Since the BIND issue, the last major problem I know of was with secure shell
version 1 (and the implementation of this in secure shell version 2).

Eg, see http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

>Also I would like to know how to use a .htaccess file to secure a folder on
>one of my virtual sites.
I would suggest that if you don't know that, you should not be posting to
this list, as it is basic knowledge to any professional web server
administrator, or anyone who offers services using these facilities in a
professional manner. Such information can easily be found by actually
reading the Apache manual, this list is more about vulnerabilites where
systems like Apache might be found to be not operating as securely as their
documentation states they should.

For your information:
http://www.euronet.nl/~arnow/htpasswd/documentation.html
http://www.apacheweek.com/features/userauth
were found by searching google for "how to use .htaccess", and:
http://httpd.apache.org/docs/
is the Apache webserver documentation. I believe Raqs also come with a web
interface for administrating such things.

Cheers
Stephen