[H-GEN] Installing a website!

Harry Phillips harry at tux.com.au
Tue Aug 9 19:31:40 EDT 2005


On Wed, 2005-08-10 at 09:00 +1000, Sandra Mansell wrote:
> 5 years my box was on the net with ssh open to root and a dictionary 
> password (without my knowledge obviously) and in that time it got pwned 
> ONCE. It was also running a website for oh, about 3 years of that.

hmmm maybe I am *too* paranoid, but then is there such a thing as "too
paranoid"? I have SMTP open but only to my web host IP, everything that
goes into the catchall there gets forwarded to my static IP.

I have ssh open but not to root and not with a dictionary password.

> I 
> assume by 'leet hackers' you mean 'script kiddies'. They're not terribly 
> smart and tend to just use software to do it for them.

I see lots of failed ssh connections in my logs and no, *most* of them
aren't real creative.

I have the IP address from the attacks at 9:17, is there a way to find
out which OS that is running?

> If his box isn't 
> running anything but a webserver and he either locks down ssh to local 
> IPs or completely denies it and uses local access to do stuff, he'll be 
> a lot better off. He's already got it behind a NAT box.
> 

I suppose if all he does is forward port 80 only then he should be
right. As I said in another post I forward everything and then use
IPTables to allow/deny what I want.

-- 
Regards,
Harry Phillips
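
The failed ssh connections mentioned in the message above can be summarised per source address with a short script. This is an added example, not part of the original post; the log lines, host name, user name alice and addresses are constructed, and the pattern assumes OpenSSH's usual "Failed password for ..." syslog format.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug  9 09:17:01 box sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Aug  9 09:17:03 box sshd[4103]: Failed password for invalid user test from 192.0.2.10 port 40120 ssh2
Aug  9 09:17:05 box sshd[4105]: Failed password for root from 192.0.2.10 port 40131 ssh2
Aug  9 09:17:08 box sshd[4107]: Failed password for invalid user guest from 192.0.2.10 port 40140 ssh2
Aug  9 10:02:44 box sshd[4188]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Aug  9 10:02:51 box sshd[4188]: Accepted password for alice from 198.51.100.7 port 51514 ssh2
Aug  9 11:30:12 box sshd[4250]: Failed password for root from 203.0.113.5 port 33001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarise(log_text, guess_threshold=3):
    """Group failed sshd password attempts by source address."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "root": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        s = stats[m["ip"]]
        s["failures"] += 1
        s["users"].add(m["user"])
        if m["user"] == "root" and not m["invalid"]:
            s["root"] += 1
    report = {}
    for ip, s in stats.items():
        report[ip] = {
            "failures": s["failures"],
            "distinct_users": len(s["users"]),
            "root_attempts": s["root"],
            # Many different usernames from one address is a dictionary run,
            # not a legitimate user mistyping a password.
            "dictionary_run": len(s["users"]) >= guess_threshold,
        }
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarise(SAMPLE_LOG).items()):
        print(ip, row)
```

With root logins refused, as in the setup described above, every root attempt counted here is noise from guessing and never a near miss.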




