attacked? hacked? help.....!
Rodolfo J. Paiz
rpaiz at simpaticus.com
Tue Dec 9 06:02:48 UTC 2003

At 23:47 12/8/2003, you wrote:
>Mike Klinke wrote:
>>
>>This is normal. What you're seeing is Internet worm scans looking to
>>break into vulnerable Windows systems.
>>Regards, Mike Klinke
>
>Thanks, Mike.
>
>Are there similar 'worm scans' for Linux boxes? What should I do to
>protect my machine from them if there are? (point me towards a good
>website or book explaining this if you can.)

There have been many security holes found in Internet Information Server
over time, and there have also been a few holes found in Apache too
(although far fewer). Someone writes a small program ("script") that tries
to look everywhere on the Internet for systems which have not installed the
right patches and which can be hacked using that vulnerability, and
thousands of dumb kids ("kiddies") use those scripts (hence the name
"script kiddie" as a derogatory term) to try to find and crack vulnerable
systems.

If you are running a Web server, it must by definition accept outside
requests. So the only way to protect yourself from attacks TO A SERVICE YOU
DO OFFER such as a webserver in your case, is to make sure you are running
the latest, patched version of your web server software. As mentioned
above, few holes are found in Apache so you can generally be calm and
comfortable, without worrying about those thousands of attempts to crack
your box (most of which are for Windows anyway).

If and when, however, you receive notification from Red Hat or the Fedora
Project that a vulnerability has been found in Apache, upgrade to the
newest version IMMEDIATELY when they release a patched update.

These and other attacks are also the reason you should (a) shut down any
services you don't need to use or don't need to offer, and (b) protect your
box with a firewall so that only the ports you _want_ open are actually
reachable.

Also, for both Lisa and Mike, it is considered courteous on these lists to
keep only whatever is needed for context from previous messages. Note I
kept only two lines from each of your messages, whereas in each of your
replies you made the rest of the list (likely a couple of thousand people)
read through about 100 lines of logs again and again. On the positive side,
thank you for writing your replies AT THE BOTTOM of the message, so that
your answer is below the previous comment; this is called bottom-posting,
keeps the conversation in chronological order, and is a Very Good Thing [tm].

Cheers,
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
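
An added example, not part of the original message: one way to check points (a) and (b) above is to list every socket listening on a non-loopback address and flag any whose protocol/port is not on the list of services you mean to offer. It assumes the `ss` tool from iproute2; the function name `audit_listeners`, the allowlist and the sample socket listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that are reachable from other hosts
# but are not on the allowlist of services you intend to offer.
# Input on stdin: output of `ss -H -tuln` (no header, numeric, TCP+UDP listeners).
# $1: space-separated allowlist such as "tcp/22 tcp/80".
audit_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF >= 5 {
        endpoint = $5                                 # local address:port column
        port = endpoint; sub(/.*:/, "", port)         # text after the last colon
        addr = endpoint; sub(/:[^:]*$/, "", addr)     # text before the last colon
        # Sockets bound only to loopback cannot be reached from outside.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = $1 "/" port
        if (!(key in ok)) print key, addr
    }' | sort -u
}

# Constructed sample of `ss -H -tuln` output: sshd, a web server,
# a loopback-only mail daemon, and a forgotten portmapper on tcp and udp 111.
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
tcp   LISTEN 0      64           0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*'

# Run against the sample; only the two port 111 listeners are reported.
printf '%s\n' "$SAMPLE_SS" | audit_listeners "tcp/22 tcp/80"

# On a live machine (assumes iproute2 ss is installed):
#   ss -H -tuln | audit_listeners "tcp/22 tcp/80"
```

Anything the function prints is a service to shut down or to block at the firewall; empty output means only the intended ports are exposed.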