Subject: [gentoo-user] Re: Protecting my server against an individual
Newsgroups: gmane.linux.gentoo.user
From: dnlt0hn5ntzhbqkv51
To: gentoo-user
Date: Wed, 05 Jul 2006 09:36:02 -0400
References: <49bf44f10607041556w3db1b64et625c088ba8c56541@mail.gmail.com>

On Tue, 04 Jul 2006 18:56:02 -0400, Grant wrote:

> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible. He doesn't
> know much about Linux but does know Windows. What kind of things
> should I lock down to protect my remote hosted server? I don't have
> time to get too crazy with security right now, but what kinds of
> simple tricks might this fellow learn by asking around on forums, etc?

A Windows guy has all of the techniques/tools that a 'nix guy has - he'll figure out what servers you have, which ports, which software, what vulnerabilities ... all of it. He'll even use some of the same tools (e.g. nmap).

If your server is misconfigured (e.g. allows root logon); if passwords are trivial; if software is out-of-date with known vulnerabilities; he could break in and deface the site; erase the OS; install a root kit and hide a key logger ...

Suggest that you shut this thing down 'til you have a security plan that you understand, and with which you are comfortable. If that is not possible, then implement the items mentioned earlier, and additionally assure:

1. that your passwords are at least 15 characters long with capitals and numerics. A repeated password is fine (e.g. gentoo becomes gEnt0*gEnt0*gEnt0*)
2. that you can easily and confidently restore your backups (you do have backups!?)
3. that you can tell if you've been hacked (e.g. samhain, tripwire).
4. And that your software is up to date.

After that, you can look into IDS, Trojan scanning, chroot jails, hardening, and other things that servers under attack might consider.

-- 
gentoo-user@gentoo.org mailing list
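Item 3 of the reply (being able to tell you have been hacked, e.g. with samhain or tripwire) rests on a file-integrity baseline: record a digest of every file you care about, re-hash later, and report what changed. The following is an added example, not code from the post or from either tool: a minimal Python baseline-and-compare in that spirit. The directory layout and file contents in demo() are constructed for the demonstration.

```python
# Tripwire-style integrity baseline/check: added example, not code from the post.
# Hashes every regular file under a directory, then reports added/removed/modified
# files. Paths and contents in demo() are constructed for the demonstration.
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str) -> dict:
    """Map each regular file (relative path) to its digest and permission bits."""
    root_path = Path(root)
    baseline = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file() and not path.is_symlink():
            mode = oct(path.stat().st_mode & 0o7777)
            baseline[str(path.relative_to(root_path))] = {"sha256": hash_file(path), "mode": mode}
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Classify differences: added, removed, modified (content or permission change)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}

def demo() -> dict:
    """Constructed scenario: baseline a directory, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc").mkdir()
        Path(root, "etc", "passwd").write_text("root:x:0:0::/root:/bin/bash\n")
        Path(root, "etc", "sshd_config").write_text("PermitRootLogin no\n")
        baseline = build_baseline(root)
        # Simulated tampering: config edited, file deleted, unexpected binary added
        Path(root, "etc", "sshd_config").write_text("PermitRootLogin yes\n")
        Path(root, "etc", "passwd").unlink()
        Path(root, "bin").mkdir()
        Path(root, "bin", "ls").write_bytes(b"\x7fELF constructed placeholder")
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

In real use the baseline must be stored off the monitored host (or on read-only media), since an intruder who can alter the files can also alter a baseline kept beside them.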