Security Basics mailing list archives
Protecting a server
From: rapha.ottoni () gmail com
Date: 22 Jan 2009 13:44:28 -0000
Hi guys,

First, I would like to apologize for my bad English. Then I want to ask your help to protect one of my servers. Right now I have a server with a real IP at the edge of my network which runs these services: Nagios on port 5667, ssh on 22, ajp13 on 8009, domain on 80 and http-proxy on 8080. Knowing these services, I would like to ask what kind of attacks I should expect and what the solutions are to protect it from those attacks.

Recently, it was attacked by a Romanian guy who was able to insert some shell scripts in /var/tmp as user www-data. I am quite certain that he was using an exploit from apache1. Searching a little on the web, I found this site, http://budacsik.blog.hu/2008/11/23/backdoor_bindtty, that has most of the scripts that he tried to use.

Oh, I almost forgot to say: once he entered as www-data, he started an ssh brute-force on my network (luckily, he failed) as well as an su root brute-force with a dictionary (failed again, since we don't use the root user). At last he tried to open a backdoor for himself.

Guys, once again I would like to apologize for my English, and thanks for your patience.

Grateful,
Raphael Ottoni Santiago Machado de Faria