Changing SSH and Apache ports
dotancohen at gmail.com
Fri Dec 16 11:45:11 UTC 2005
On 12/16/05, Tim <ignored_mailbox at yahoo.com.au> wrote:
> On Thu, 2005-12-15 at 23:51 +0200, Dotan Cohen wrote:
> > You mention that this is not so important for http as it is with ssh.
> > Is this because apache is harder to compromise, or because if it is
> > compromised it is less dangereous? Most of the 'attacks' I get in my
> > apache log files are windows exploits.
> That will have something to do with it, but I'd hazard a guess along the
> following lines: Breaking into your SSH server allows them to do
> anything that you can do at the CLI. Breaking into a secure web server
> only allows them to do whatever exploits can be done to the webserver.
I suppose that if I'm not running anything other that my own
self-brewed php scripts (and assuming that they are secure), that
there is nothing exraordinary to worry about with apache- so I have
decided to leave it on port 80. Apache is used on millions of
webservers, so I guess that I have little to be paranoid about if all
those sysadmins with years of experience are comfprtable running it!
As for securing my own scripts, that is a different subject. Maybe I
wil dig through the php-general archives on that one.
More information about the fedora-list