Changing SSH and Apache ports

[Scot L. Harris]

On Thu, 2005-12-15 at 16:51, Dotan Cohen wrote:
> On 12/15/05, Scot L. Harris <webid at cfl.rr.com> wrote:

> > What it is good for however is keeping the vast majority of script
> > kiddies from littering your log files with junk.  This may be more
> > useful for ssh ports than httpd ports.

> 
> I know that this won't save the system from a determined hacker, but
> thankfully I haven't been attacked by one yet. I do get a nice long
> daily log report though:
> 

Those are most likely script kiddies shotgunning systems for weak
passwords.  

> 
> You mention that this is not so important for http as it is with ssh.
> Is this because apache is harder to compromise, or because if it is
> compromised it is less dangereous? Most of the 'attacks' I get in my
> apache log files are windows exploits. I just went looking for them in
> my apache log files, but now I don't see them! They were looking for
> files in "C://WINDOWS/SYSTEM32/"  folder or something like that.
> Strange.

I said it is probably more useful for ssh than httpd since there seems
to be a larger number of people scanning for ssh.  And usually ssh is
used by the admin or a limited number of people who can be told which
port to use.  A web site using a different port is difficult for most
users to find.  If the web page is foor limited users then it will be
easier to pass along which port to use.  But for general use it would
effectively hide your site from the casual web user.  As you also point
out most of the scans for web pages are looking for IIS exploits or
frontpage exploits.  Apache has had a few exploits as well.  And if you
are running things like phpnuke or similar CMS tools you could be at
risk as well.  Unpatched awstats or webalizer packages can also leave
holes.

IMHO any compromise is dangerous.