-----Original Message----- From: CURTIS David [mailto:David.Curtis@state.or.us] Sent: Monday, December 06, 1999 11:32 AM To: Zope@zope.org Subject: [Zope] RedHat Secure Web Server 3.1 & Zope 2.1 & MySQL Sensitivity: Personal

Hi,

My Web site got hacked. I was told that RedHat Secure Web Server 3.1 can prevent certain types of attacks. Does Zope run on Secure Web Server 3.1? I was running Apache and Zope (ZAP) together before. Not knowing exactly the method of my server's breach makes it hard to prevent further attacks but what is best way to prevent such problems again?

As far as I know, RH Secure Server is just Apache plus SSL. It isn't in any way more 'secure' than plain vanilla Apache, it can just use strong encryption on your data. If there is an apache exploit that exists but is not yet fixed (say, a buffer overflow) it probably exists in RH's Secure server also. Also, since you say you don't know the nature of the hack, it could be completely unrelated to Apache or Zope. There are gobs and gobs of online security references. Start with the XDP (http://www.linuxdoc.org/) -Michel