From: "Lord Sauron"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
Date: Wed, 5 Jul 2006 16:31:47 -0700
In-Reply-To: <44ABEB65.6080200@gmail.com>
References: <49bf44f10607041556w3db1b64et625c088ba8c56541@mail.gmail.com> <44AB1C8E.4090903@gmail.com> <44AB6C6A.9040008@mid.message-center.info> <44ABEB65.6080200@gmail.com>
List-Id: Gentoo Linux mail

Sorry to be a bit elementary, but if you're not colocating your box, and you don't often use SSH, you might want to consider disabling remote administrative things.

All your Windoze "friend" will try to do is exploit MySQL to pop a DOS shell into your system. It's an older trick; however, it works marvelously. Coax SQL into leaving a DOS shell in your web directory, then you have total control. I haven't personally had any experience with it (never bothered to try and hack - not exciting or rewarding) but I did read a hacker paper which outlined that tactic.

If you can't disable SSH for some reason, then limit MySQL access to localhost only. You'd have to use SSH/RDesktop to mess with your database, but I think that would close down a very big part of the Windoze zombie's main attack route.

Also watch out for denial-of-service attacks. There have been a lot of those problems in the Silicon Valley Linux Users' Group, which I am a member of.

Also, are you sure you're working with a "real" hacker? I met a "real" hacker at school once, and even with physical access to my laptop he couldn't crack it. Dumb Windows slave...

Nonetheless, if you use PHP, you should also be extra-careful to strip potentially malicious things from web submit forms.

If you can, what I'd do is try and get the guy's MAC Address or something and then totally block that off. That'd send him away right quickly. I don't know enough to know if that'd be totally possible, but if the guy isn't terribly intelligent, that'll send him packing.

Hope I could be of help there!

-- 
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========
-- 
gentoo-user@gentoo.org mailing list
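The post's two concrete pieces of advice are to keep MySQL reachable only from localhost and to be careful with what PHP does with form input. The snippet below is an added example for the second point; it is not code from the post or from the thread. Rather than trying to "strip" dangerous characters, it hands the form value to MySQL as a bound parameter, so the value can never be parsed as part of the SQL statement. The connection credentials, the database name `app_db`, the table `users` and its `name` column are all assumptions made up for illustration.

```php
<?php
// Added example, not from the original post. Credentials, database,
// table and column names are assumed for illustration.

// Connect to MySQL on the loopback address only. PHP on the same host
// does not need MySQL to listen on the public interface at all.
$mysqli = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db');
if ($mysqli->connect_errno) {
    http_response_code(500);
    exit('database unavailable');
}

// Weak form (kept as a comment): the submitted value is spliced into
// the SQL text, so whoever submits the form controls part of the query.
// $sql = "SELECT id, name FROM users WHERE name = '" . $_POST['name'] . "'";

// Hardened form: the value travels as a bound parameter. The server
// receives the statement and the data separately, so no character
// filtering is needed for the query to stay intact.
$name = $_POST['name'] ?? '';
if (strlen($name) > 64) {
    http_response_code(400);
    exit('name too long');
}

$stmt = $mysqli->prepare('SELECT id, name FROM users WHERE name = ?');
if ($stmt === false) {
    http_response_code(500);
    exit('query preparation failed');
}
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();

while ($row = $result->fetch_assoc()) {
    // Escape on output as well, so a stored value cannot inject HTML or
    // script into the page that displays it.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}

$stmt->close();
$mysqli->close();
```

The server-side complement to the post's "localhost only" advice is `bind-address = 127.0.0.1` in the `[mysqld]` section of my.cnf, which stops the MySQL daemon from accepting connections on the network interface while the PHP code above keeps working over the loopback address. `get_result()` requires the mysqlnd driver; on builds without it, `bind_result()` and `fetch()` do the same job.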