[H-GEN] Installing a website!
Harry Phillips
harry at tux.com.au
Tue Aug 9 19:31:40 EDT 2005
On Wed, 2005-08-10 at 09:00 +1000, Sandra Mansell wrote:
> >
> >
> 5 years my box was on the net with ssh open to root and a dictionary
> password (without my knowledge obviously) and in that time it got pwned
> ONCE. It was also running a website for oh, about 3 years of that.
hmmm maybe I am *too* paranoid, but then is there such a thing as "too
paranoid"? I have SMTP open but only to my web host IP, everything that
goes into the catchall there gets forwarded to my static IP.
I have ssh open but not to root and not with a dictionary password.
> I
> assume by 'leet hackers' you mean 'script kiddies'. They're not terribly
> smart and tend to just use software to do it for them.
I see lots of failed ssh connections in my logs and no *most* of them
aren't real creative.
I have the IP address from the attacks at 9:17, is there a way to find
out which OS that is running?
> If his box isn't
> running anything but a webserver and he either locks down ssh to local
> IPs or completely denies it and uses local access to do stuff, he'll be
> a lot better off. He's already got it behind a NAT box.
>
I suppose if all he does is forward port 80 only then he should be
right. As I said in another post I forward everything and then use
IPTables to allow/deny what I want.
--
Regards,
Harry Phillips
More information about the General
mailing list