attacked? hacked? help.....!

Rodolfo J. Paiz rpaiz at simpaticus.com
Tue Dec 9 06:02:48 UTC 2003


At 23:47 12/8/2003, you wrote:
>Mike Klinke wrote:
>>
>>This is normal. What you're seeing is Internet worm scans looking to 
>>break into vulnerable Windows systems.
>>Regards,  Mike Klinke
>
>Thanks, Mike.
>
>Are there similar 'worm scans' for Linux boxes? What should I do to 
>protect my machine from them if there are? (point me towards a good 
>website or book explaining this if you can.)

There have been many security holes found in Internet Information Server 
over time, and there have also been a few holes found in Apache too 
(although far fewer). Someone writes a small program ("script") that tries 
to look everywhere on the Internet for systems which have not installed the 
right patches and which can be hacked using that vulnerability, and 
thousands of dumb kids ("kiddies") use those scripts (hence the name 
"script kiddie" as a derogatory term) to try to find and crack vulnerable 
systems.

If you are running a Web server, it must by definition accept outside 
requests. So the only way to protect yourself from attacks TO A SERVICE YOU 
DO OFFER such as a webserver in your case, is to make sure you are running 
the latest, patched version of your web server software. As mentioned 
above, few holes are found in Apache so you can generally be calm and 
comfortable, without worrying about those thousands of attempts to crack 
your box (most of which are for Windows anyway).

If and when, however, you receive notification from Red Hat or the Fedora 
Project that a vulnerability has been found in Apache, upgrade to the 
newest version IMMEDIATELY when they release a patched update.

These and other attacks are also the reason you should (a) shut down any 
services you don't need to use or don't need to offer, and (b) protect your 
box with a firewall so that only the ports you _want_ open are actually 
reachable.

Also, for both Lisa and Mike, it is considered courteous on these lists to 
keep only whatever is needed for context from previous messages. Note I 
kept only two lines from each of your messages, whereas in each of your 
replies you made the rest of the list (likely a couple of thousand people) 
read through about 100 lines of logs again and again. On the positive side, 
thank you for writing your replies AT THE BOTTOM of the message, so that 
your answer is below the previous comment; this is called bottom-posting, 
keeps the conversation in chronological order, and is a Very Good Thing [tm].

Cheers,


-- 
Rodolfo J. Paiz
rpaiz at simpaticus.com




