[BlueOnyx:01826] Re: Second Server Hacked

Ralf Quint Smoothwall at gmx.net
Sun Jul 26 18:17:24 -05 2009


At 03:41 PM 7/26/2009, Chris Gebhardt - VIRTBIZ Internet wrote:
>Ralf Quint wrote:
> > How would they have been able to gain (physical) access to that box? Do
> > you have it sit directly on the Internet or behind a proper firewall?
> > If TCP/81 (for https web UI access) and TCP/22 (for shell access) are
> > not accessible from the web in the first place (or only with
> > restricted source IPs), they can guess the password all they want... :?
>
>Well, strictly speaking, PHYSICAL access would mean somebody's sitting
>at console, with PHYSICAL access to the box (ie: could touch and feel
>it).   So I think we could probably rule that out... or it's an inside
>job!  :)

Ok, bad wording on my part.

>Also, the notion that the server would have to sit behind some sort of
>external firewall isn't one I would give a lot of merit.   If it helps
>you sleep better at night to do so, great.   But I'd hardly call it a
>requirement.   Out of a few hundred servers that we run, I could count
>on 1 hand the number of BQ or BX systems that sit behind a firewall.

Well, as I have been participating for the last 8+ years in an open source 
firewall project, and from my professional experience, I would NEVER 
expose any server to direct access from the Internet without the control 
of a proper firewall in front of it.
Problems like those relay problems mentioned a couple of weeks ago 
were fixed in a minute by simply blocking the sending IP ranges from 
even talking to the servers.

And back to the problem at hand, if the above mentioned ports are not 
exposed to the Internet, how would anyone be able to access the 
server in the first place if there is no site set up on the server?

Sorry, I'd rather have control over access to any server from the 
Internet through a decent firewall than count on pure luck that 
nobody comes along and exploits it... :-(

Ralf 
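The firewall posture Ralf describes, with TCP/81 (the https admin UI) and TCP/22 reachable only from restricted source addresses and an abusive sending range blocked before it can talk to the server at all, as an added example that is not part of this thread and not anything shipped by BlueOnyx. It emits generic iptables rules; the admin and blocked networks are placeholder values from the documentation address ranges, and the public ports kept open (25, 80, 443) are an assumption about what such a hosting box serves.

```shell
#!/bin/sh
# Added example (not from the BlueOnyx thread or project): build an iptables
# INPUT policy that allows ssh (22) and the https admin UI (81) only from an
# admin source range, drops one abusive range outright, and leaves the public
# service ports open. Prints the commands; apply as root with:
#   gen_rules 203.0.113.0/24 198.51.100.0/24 | sh

gen_rules() {
    admin_net="$1"    # assumption: the only range allowed to reach 22 and 81
    blocked_net="$2"  # assumption: a relay-abusing range to drop entirely
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s $blocked_net -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s $admin_net -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -s $admin_net -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 25,80,443 -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Guard against the mistake the thread is about: an ACCEPT for port 22 or 81
# that carries no source restriction. Returns 1 if any such rule is generated.
check_rules() {
    if gen_rules "$1" "$2" | grep -E -- '--dport (22|81) ' | grep -v -- "-s $1 " >/dev/null; then
        return 1
    fi
    return 0
}
```

Rule order matters: the drop for the blocked range sits before the conntrack ACCEPT so an already-established session from that range is cut as well, and the final DROP plus the DROP policy mean anything not listed (including 81 and 22 from the rest of the Internet) is simply unreachable, so a guessed password never gets a login prompt to try it against.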