Re: [tlug] hello from a new / old member

[Godwin Stewart <godwin.stewart@example.com>]

On Thu, 09 Mar 2006 16:26:25 +0900, "Stephen J. Turnbull"
<stephen@example.com> wrote:

> Interesting ... I was just about to post asking if anybody had seen
> this.  A box that serves some documentation internally suddenly
> started seeing huge logs despite a "go away" robots.txt, all of the
> 404 accesses being .php scripts.  Of course, I don't do PHP at all
> ....  (I considered it an attractive nuisance, on the order of
> connecting a Windows box to the 'net.  Looks like I was right! ;-)

I think everyone is seeing this.

Note that the vulnreability isn't in PHP itself but in software written in
PHP that doesn't perform adequate sanity checks before utilising the data
posted to it. This has all too often been the case (phpBB anyone?)

> Mostly I just don't run servers, and firewall most of those that I do
> run, except sshd and httpd.  (The U MXes for me so I don't need a
> 'net-facing MX.)  I got sick of the ssh password crackers, so now only
> my home IP (which is dynamic but only changes with the phases of the
> moon, if that often) is allowed in.  I still see them banging on the
> door in the TCP logs, of course.

Security by obscurity isn't always the best solution but it appears to work
here. Run sshd on a non-standard port and have done with it.

> Yes, please.

Ditto.

-- 
G. Stewart - godwin.stewart@example.com

Only adults have difficulty with childproof caps.

Attachment: pgp00002.pgp
Description: PGP signature