Message-ID: <44ACA9A6.40100@mid.email-server.info>
Date: Thu, 06 Jul 2006 08:11:50 +0200
From: Alexander Skwar
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual

Lord Sauron wrote:

> Sorry to be a bit elementary, but if you're not colocating your box,
> and you don't often use SSH, you might want to consider disabling
> remote administrative things.

Of course - disable everything that you don't need. ESPECIALLY
if it is reachable over the network.

> All your Windoze "friend" will try to do is exploit MySQL to pop a DOS
> shell into your system.

How do you know?

> If you can't disable SSH for some reason, then limit MySQL access to
> localhost only.

I'd even suggest to make MySQL "skip-networking". If that's set
in my.cnf, MySQL won't be available via TCP over a network and
can only be reached over a Unix socket.

Maybe that's what you meant, but I just felt like adding that :)

> If you can, what I'd do is try and get the guy's MAC Address or
> something and then totally block that off.

How should *THAT* help? In 99.9999999999999999999999999999999% of
the times, the attacker won't be on the same subnet, and thus the
MAC isn't available.

You can try to block me, my MAC will be either 00:12:17:D4:21:D4 or
00:12:17:D4:21:D2. Just tell me where you blocked me using my MAC
and I'll see if I can still access.

Alexander Skwar
--
"But this one goes to eleven."
                -- Nigel Tufnel
--
gentoo-user@gentoo.org mailing list
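An added example, not part of the original message: a small audit that reads a my.cnf and reports whether mysqld is socket-only ("skip-networking"), bound to loopback TCP, or listening on the network. The function names and sample configs are constructed for illustration; it assumes only the [mysqld] group matters, ignores !include directives, and treats a missing bind-address as listening on all interfaces.

```python
import ipaddress

# Constructed sample option files (not taken from the thread).
SOCKET_ONLY = "[mysqld]\nskip-networking\nsocket = /var/run/mysqld/mysqld.sock\n"
LOOPBACK = "[client]\nport = 3306\n[mysqld]\nbind-address = 127.0.0.1  # local only\n"
EXPOSED = "[mysqld]\n; nothing restricts the listener\nport = 3306\n"

def mysqld_options(cnf_text):
    """Return {option: value or None} for the [mysqld] group of a my.cnf."""
    opts, group = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or full-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group != "mysqld":                    # [client], [mysqldump], ... do not apply
            continue
        name, sep, value = line.partition("=")
        # Option files treat '-' and '_' in option names as equivalent.
        name = name.strip().lower().replace("_", "-")
        opts[name] = value.split("#", 1)[0].strip().strip("\"'") if sep else None
    return opts

def exposure(cnf_text):
    """Classify the listener as 'socket-only', 'loopback-tcp' or 'network-tcp'."""
    opts = mysqld_options(cnf_text)
    if "skip-networking" in opts:
        # A bare "skip-networking" has no value; treat it as enabled.
        if (opts["skip-networking"] or "1").lower() in ("1", "on", "true"):
            return "socket-only"
    bind = opts.get("bind-address")
    if bind:
        if bind.lower() == "localhost":
            return "loopback-tcp"
        try:
            if ipaddress.ip_address(bind).is_loopback:
                return "loopback-tcp"
        except ValueError:
            pass                                 # '*' or a hostname: assume reachable
    return "network-tcp"

if __name__ == "__main__":
    for label, cnf in (("socket", SOCKET_ONLY), ("loopback", LOOPBACK), ("exposed", EXPOSED)):
        print(label, "->", exposure(cnf))
```

Confirm the result on the running host as well (for example, by checking that nothing is listening on port 3306), since options from other included files or the command line can override my.cnf.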