1. Is it as bad as I think . . . or am I just paranoid?
Hi
I'm a Linux newbie, setting up a RedHat dedicated server,
leased from a provider in Florida. I've also got a
'practice' machine here in my office.
I've been forced into moving to the dedicated server,
by the growth of a forum on one of my sites. My current
web host provides a 'virtual root' setup on a somewhat
overloaded shared server. It does OK with the static pages,
but my forum wants more CPU cycles than it's getting, and
the only solution seemed to be a dedicated machine.
My problem is this: to my untrained imagination, the 'stock'
set up on my new dedicated server seems to be rather insecure.
For example, the access.conf file includes these directives:
<Directory />
Options IncludesNOEXEC MultiViews FollowSymLinks ExecCGI Indexes
AllowOverride All
</Directory>
They've done this to allow their somewhat kludged up 'server
interface' to work, since it's scattered around the system
in various places.
Also, not only did they set up Telnet initial access
to require the root password, but their trouble ticket
and support pages require submission of the root password
via unencrypted HTTP, even though they have HTTPS setup.
What I know about hacking wouldn't fill a sheet of foolscap,
but it strikes me that this company may be setting up
servers that are hacker heaven -- lots of insecure machines,
operated by newbies like me, just waiting to be plucked!
Am I overreacting, or just ignorant, or do I really have
something to worry about?
I've asked a couple of the techs, and one of them has admitted
that they have had some gateways hacked, and some password captures
occur, in the past, but he wouldn't say more.
At this point, my thinking is that I need to play around with
the machine a bit more. But, I'm thinking that before I actually
'go live', I'd better have them repartition and install RH 7.0
(it's currently 6.1) with no 'server interface'. I can change
the root password 10 minutes after they finish, install all updates,
Tripwire, eliminate their server interface, and . . . ?
Assuming that the problem is real, is that enough for reasonable
protection, or do I need to go further?
Unfortunately, there is some real hostility out there to
my websites. I'm just a swimming pool guy, trying to help
folks have more fun with their pools and cover my costs
while doing so. But, some pool dealers (and some BIG chemical
companies) object strenuously to my explaining things like
how to buy pool chemicals, that sell for $1.50 - $6.00/lb,
at the grocery store for $0.35 to $1.00/lb. I get
and go downhill from there, as well as the occasional
pseudo-lawyer-letter. But, my greatest fear is that some
pissed off pool dealer has a precocious hacker son who
decides to entertain himself taking down some of my websites!
Any advice? Things to read? Programs to use?
TIA,
Ben
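
Added example (not part of the post above and not the provider's tooling): a small Python check that parses <Directory> blocks and reports the permissive settings, run here against the block quoted in the post. Settings on <Directory /> are inherited by every directory beneath it unless a more specific block overrides them; the function names and reason strings are this example's own.

```python
import re

# Options that widen what Apache serves or executes (keys lowercased).
RISKY_OPTIONS = {
    "execcgi": "any file under this path may be run as a CGI script",
    "indexes": "directory listings are generated when no index file exists",
    "followsymlinks": "symlinks are followed with no owner check",
}

# The block quoted in the post.
POSTED = """
<Directory />
Options IncludesNOEXEC MultiViews FollowSymLinks ExecCGI Indexes
AllowOverride All
</Directory>
"""

def parse_directory_blocks(text):
    """Return {path: {directive: [args]}} for each <Directory> block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1), {})
        elif re.match(r"</Directory>$", line, re.I):
            current = None
        elif current is not None:
            name, *args = line.split()
            current[name.lower()] = args
    return blocks

def audit(text):
    """List (path, directive, reason) for each permissive setting found."""
    findings = []
    for path, d in parse_directory_blocks(text).items():
        for opt in d.get("options", []):
            key = opt.lstrip("+").lower()  # "-Option" entries never match
            if key in RISKY_OPTIONS:
                findings.append((path, "Options " + opt, RISKY_OPTIONS[key]))
        if any(a.lower() != "none" for a in d.get("allowoverride", [])):
            findings.append((path, "AllowOverride " + " ".join(d["allowoverride"]),
                             ".htaccess files can change settings per directory"))
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(": ".join(finding))
```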