My web site has been hacked three times in the last year. My assumption
is that the holes originate from some poorly written CGI's. What is the
best way to protect form this happening again? This is killing me!
I've set up a stand alone server and have re-written all CGI's to ensure
only acceptable characters are allowed. I've checked all permissions,
disabled every service except httpd and telnet, and I plan on running
SATAN to sniff out some other possible holes.
Anyone have any good links on security? Does anyone know how someone
gets into the server through the CGI's??
Any advise would be greatly appreciated.