Well, *MOST* of HFX does it as a profession.
Sad to say, that I just can't (and don't really want to).. not now anyways. I don't do much at all these days..
And while I don't have much exp with apache or any httpd for that matter, I think I can offer some ideas.
But first.. there is something I said along the lines of...
Read, read and read some more. And while you're at it, experiment again and again. Then repeat it all over.
It's kind of like reading a book (on any subject, non-fiction or fiction).. The first time you pick it up and read, you are unaware of what will be in it. And who this character is (assuming a novel)... those kinds of questions. But you get interested in it by a hook. So you read more and things become more clear as you progress in the book. So you finish... And you understand everything and it was a good read. But what would happen if you picked it up again.. and started reading it again. You would get a different perspective and a little more knowledge. You could figure out things you never realized that make it even better. Reading more than once is a very good thing, especially for non-fiction but even fiction.
And.. Shakespeare used Old English and it may be hard.. but the more you read the easier it becomes. Mark Twain (Samuel Clemens) wrote in the south a lot, so with a different dialect. You may find it's hard to read at first but you get the hang of it. So yeah, experimenting is quite a good idea.
That was just an analogy that I came up with out of thin air.. But I think it is quite appropriate here.
Now, as far as letting others access your own machine at your house.. hard to say if that's a bad, neutral, or good idea. Truth is, machines need to be accessed all over the world. It probably depends on what precautions you've taken. And whether you keep up to date or not. It also depends on what is running there and what it allows the user to do (platform, operating system, any other device that could be a problem, the daemon itself.. other processes that could cause problems.. all things to think about). Oh and don't forget configurations too.. I got root on a Linux box.. someone had given me shell access prior and then he installed WebMin... he gave me an account to look around and I was goofing around and I realized that I was actually with root on a 'web shell'. Stupidly I changed the /etc/issue file and forgot I didn't restore it. Well the next time he logged in from the console he saw this message from me.. he was really scared and instantly killed my account (which I am fine with and even understand). I talked to him later on. He was okay. The bad thing is he asked me to not root him, and yet, this wasn't even looking for holes and making an exploit or anything like that.... Reason I touched any files was to see what was going on... if I did an 'id' on the webmin shell then my uid was 0 and I was root, but on the regular shell... I was whatever uid I had. It's all about experience. And actually, I did feel really bad about that. It's not like I intentionally tried to do anything to his system but still scared him.. I had forgotten about that until now.
One thing that came to mind when reading your (CBK's) post..
Are you trying to figure out how remote and local access work and such?
Maybe this would help, maybe not:
Create two networks and make them totally apart. On one segment, set up Apache. On the other one, get a client. Take a look, and try to see what might be possible. The idea of this is basically trying to figure it out. And I realize that this idea probably doesn't make that much sense, including technologically. But it kind of gives you the idea I think. Or you could have one look at it from the outside... someone you trust.
Ever read Dan Farmer's _Improving the Security of Your Site by Breaking in to it_? Same approach. They (he and his colleague who I can never spell) look at different vulnerabilities, holes, etc. They then present it from what you would see on your system.. Then they show you how it is exploited. I think that's a very good approach. They were the ones who wrote SATAN and if I'm not mistaken, they were the ones who wrote COPS as well.
READING + EXPERIMENTING = LEARNING
That is a good way of putting it and again, don't know what made me think of that..
Met