[BlueOnyx:01827] Re: Second Server Hacked

Mark E. Levy mlevy at etaent.com
Sun Jul 26 18:33:43 -05 2009 

While I agree with you philosophically, we've been running BO & BX servers barefoot for years with nary a problem. Just another data point.

M Levy
ETA Hosting

Sent from my Windows Mobile® phone

-----Original Message-----
From: Ralf Quint <Smoothwall at gmx.net>
Sent: Sunday, July 26, 2009 6:19 PM
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Subject: [BlueOnyx:01826] Re: Second Server Hacked


At 03:41 PM 7/26/2009, Chris Gebhardt - VIRTBIZ Internet wrote:
>Ralf Quint wrote:
> > How would they have been able to gain (physical) access to that box? D
> > o you have it sit directly on the Internet or behind a proper firewall?
> > If TCP/81 (for https web UI access) and TCP/22 (for shell access) are
> > not accessible from the web in the first place (or only with
> > restricted source IPs), they can guess the password all they want... :?
>
>Well, strictly speaking, PHYSICAL access would mean somebody's sitting
>at console, with PHYSICAL access to the box (ie: could touch and feel
>it).   So I think we could probably rule that out... or it's an inside
>job!  :)

Ok, bad wording on my part.

>Also, the notion that the server would have to sit behind some sort of
>external firewall isn't one I would give a lot of merit.   If it helps
>you sleep better at night to do so, great.   But I'd hardly call it a
>requirement.   Out of a few hundred servers that we run, I could count
>on 1 hand the number of BQ or BX systems that sit behind a firewall.

Well, as I am participating for the last +8 years on an open source
firewall project and in my professional experience, I would NEVER
expose any server to direct access from the Internet, without control
of a proper firewall in front of it.
Problems like those relay problems mentioned a couple of weeks ago
were fixed in a minute by simply blocking the sending IP ranges from
even talking to the servers.

And back to the problem at hand, if the above mentioned ports are not
exposed to the Internet, how would anyone be able to access the
server in the first place if there is no site set up on the server?

Sorry, I rather have control over access to any server from the
Internet through a decent firewall than counting on pure luck that
nobody comes along and exploits it... :-(

Ralf

_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list