On Fri, May 10, 2013 at 02:07:30PM -0800, Tim Johnson wrote:
> * Jim MacDonald <jim@macdonald.org> [130510 13:54]:
> > One does not use terms like "pointy clicky" in a Linux users group
> > forum without anticipating hate mail, in fact you would be remiss
> > in your duties as a Linux user if you failed to do so, that being
> > said with the current rash of WP site hijacking occurring it's
> > probably not a bad thing to point out that if you rely on default
> > settings in applications for security you're gonna have a bad
> > time. As with anything in the IT industry there are few things
> > that adequately substitute for research and a healthy dose of
> > "hacker phobia"
> When I posed the following question :
>
> "How can I create a user login page that is not called 'user'"
> to the Drupal mailing list, I received replies that can be
> paraphrased as "why would you want to?"
>
> Fortunately in Drupal there is a module for that (renaming admin
> login page).
>
> I installed both of those sites with access logging initially at
> the highest level and with email alerts for such.
>
> There is constant probing of my sites, as with others.
>
> And of course sysadmins monitoring system logs can see all kinds
> of amazing attempts.
>
> On the dedicated servers that we work on, the majority of
> attempted intrusions appear to be coming from Israel and China.
> Why Israel? Dunno.

Why China? They're no more evil than any other evil persons.
Why Israel? Just a guess, but when you run worms into Iran and such, you
probably want a lot of helpful hops along the way. ;) (Should at least give
the conspiracists something to banter about.)

For now, our websites are hosted by 1and1.com, so security is with them. We're
paying for that service so that I don't have to do the email.

As for our LAN, there is the Comcast cable modem with one ethernet cable going
to a Linux router, which then feeds ethernet to an HP managed switch. The log
structure for the Linux router looks like this:

router log # ls -l *.log
-rw------- 1 root root 18634 May 11 05:35 auth.log
-rw------- 1 root root 204 May 11 07:59 authpriv.log
-rw------- 1 root root 231 May 11 04:20 cron.log
-rw------- 1 root root 6274 May 11 07:33 daemon.log
-rw-rw---- 1 portage portage 8152 May 5 07:30 emerge-fetch.log
-rw-rw---- 1 portage portage 461086 May 9 10:35 emerge.log
-rw------- 1 root root 9645 May 11 07:55 iptables.log
-rw------- 1 root root 0 May 11 03:10 kern.log
-rw-r--r-- 1 root root 0 Mar 26 03:10 rc.log
-rw------- 1 root root 104 May 11 03:10 syslog.log
-rw------- 1 root root 0 May 11 03:10 user.log

That's my "learning curve", and when I get pages for one domain done, I might
try putting it behind there. All I wanted to know in my OP was about saving a
website to use it as a template. This went WAAAYYYY off that track. ;) And,
once I tried it, there was no doubt that idea is really useless.

When we lived in China I ran a server (web site and fileserver) for about 6
years with no breaches. And after the first day, there was not even ONE gov't
scan of the website, due to one little trick I used. (China began requiring
websites be registered in July 2005, less than a month after ours went live
there.) We saw the scan from the crawler one day, and made this little change
the next and never got another scan.

I for one am not so naive as to put anything live on the internet that I must
secure without knowing what the settings are, and not using defaults.

Cheers,
Bruce
-- 
Happy Penguin Computers               >')
126 Fenco Drive                       ( \
Tupelo, MS 38801                      ^^
support@happypenguincomputers.com
662-269-2706 662-205-6424
http://happypenguincomputers.com/

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

Received on Sat May 11 05:42:25 2013