Re: [cobalt-users] IPs related to hackers
- Subject: Re: [cobalt-users] IPs related to hackers
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Sun Feb 11 08:52:12 2001
- Organization: anonymous
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sun, 11 Feb 2001 12:22:07 +1000, "fastmedia" <inc@xxxxxxxxxxxxx> wrote:
:>
:>> > PortSentry adds IPs to the /etc/hosts.deny file so if I'm a bit late
:>> > watching the logcheck messages, the IPs are already blocked. PortSentry
:>> > doesn't add IPs that are being used to run FTP anonymous login scripts or
:>> > IPs that are being used to attempt logins using the admin ID so I drop
:>> > those in by hand.
:>
:>This "hosts.deny" file doesn't seem to block nameserver or ftp requests.
:>My server was recently compromised via proftpd by the looks of it.
:>
:>I think ipchains is the better blocking option, I'm presently studying
:>up on this.
I have OpenSSH 2.3.0 installed, which supports sftp. I have disabled ftp
entirely. Any file transfer will have to be via sftp. If that is not possible,
you may wish to consider moving the ftp ports from 20/21 to something else in
the <1024 range. Of course, that means all of your customers have to change
their clients. Any hits on 20/21 now trigger my portsentry.
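
An added example, not part of the original message: a shell script that turns the `ALL:` entries PortSentry adds to /etc/hosts.deny into ipchains DENY rules, so the same addresses are dropped at the packet filter for every service, including ones that do not consult hosts.deny. The function names, the constructed sample file and the `ALL: <ip>` entry format are assumptions; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example: print ipchains rules for the "ALL:" entries in hosts.deny.
# Assumed entry format: "ALL: <ipv4>". Commands are printed, not executed.

# Constructed sample input; addresses come from documentation ranges.
SAMPLE_HOSTS_DENY='# /etc/hosts.deny (constructed sample)
ALL: 192.0.2.10
ALL: 198.51.100.7
in.ftpd: 203.0.113.5
ALL: 192.0.2.10
ALL: not-an-ip.example
ALL: 999.1.1.1
'

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# deny_to_ipchains: read hosts.deny text on stdin and print one rule per
# unique, valid address. Runs in a subshell so "set -f" stays local.
deny_to_ipchains() (
    set -f                      # no filename expansion on tokens such as "*"
    seen=" "
    while IFS= read -r line; do
        line=${line%%#*}        # drop comments
        case "$line" in "ALL:"*) ;; *) continue ;; esac   # skip per-service entries
        for addr in ${line#ALL:}; do
            is_ipv4 "$addr" || continue                   # never emit unvalidated text
            case "$seen" in *" $addr "*) continue ;; esac # de-duplicate
            seen="$seen$addr "
            printf '/sbin/ipchains -I input -s %s -j DENY -l\n' "$addr"
        done
    done
)

printf '%s' "$SAMPLE_HOSTS_DENY" | deny_to_ipchains
```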