On Friday 01 August 2008, Tim wrote: >Tim: >>> I'd still stick with using your computer as yourself, just use another >>> terminal as root for configuration issues. Especially if you're opening >>> your computer up to the world as a webserver. You do want as much >>> protection as you can manage, in that situation. > >Gene Heskett: >> I'm not directly connected to the net here, dd-wrt, x86 version >> running on an old 450 mhz k6-iii is between me and the black hats. It >> gets about 500 root login attempts a day, but the password is both >> long and unique. > >In that case, the main worries would be that they could find an exploit >in a webserver that doesn't require a logon (abusing guestbook scripts, >and the like), or just abusing mail forms to send spam through your >service to someone else. I get a few script kiddies rattling the >windows on my website, but they only get 404s. I don't have the scripts >that they're looking for to exploit. Neither do I, that and sheer CRS is why there isn't any wrappers around the pix on my site, just a list of pix, and 90% of those are just links to the real file someplace else. >I don't have remote shell access, I haven't thought of a reason that I'd >really want it. One day I might set things so I can access my mail >servers remotely, but not before I've figured out how to do it securely >(i.e. encrypted access only). I thought of that, using imap, but somehow that seems to be, from the stories I read here on the net, just a way to add another single point of failure. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) The minute a man is convinced that he is interesting, he isn't. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
