&nbsp;<div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Linux OTOH can be set up so, for example, the MySQL database could only be accessed via 
<a href="http://127.0.0.1" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.1</a> if it was only for the local webserver, or opened up only to the hosts that need to access the database server.&nbsp; Furthermore, IPTables could be set up so that requests to TCP/3306 is accepted by the authorised hosts and denied by everyone else, and better still, those hosts would be sited on a dedicated network interface or vLAN so the IPTables can restrict by layer3 port which protects from spoofing.
</div></blockquote></div><br>All of which is irrelevant if the attack vector is a broken PHPNuke or awstats installation.&nbsp; (It seems that web scripts are the most common way in, as they&#39;re very wide-spread, not updated regularly on hosts (if upgrading is a pain), and often not audited well.)
<br><br>From there, you can get a local shell as a user.&nbsp; It becomes an issue of what you can do from there.&nbsp; Wreak havoc as the apache user, for starters, and quite possibly use a local root exploit. <br><br>Did you update your kernel?&nbsp; Did you reboot? Rebooting is tedious, and requires a scheduled outage.&nbsp; Maybe I&#39;ll just leave it till next week..
<br><br>Or don&#39;t care about becoming root, and just use the box as a drone on an IRC network.<br><br>Nothing stopping people doing these things on IIS, either.<br><br>Craig