Ok am new to the list but I have a few questions. I am completely new to Linux and I decided to install Debian 2.1 using the book Learning Debian by Bill McCarty I think, pretty good book it seems. Well anyway I opted for the standard workstation install that was about 400 and some odd megabytes. Well the purpose of this linux box was to set it up as a webserver for my newly acquired domain name. I then installed Apache and was surprised to see that I could go to the page on internet explorer via my ip#, didn't even have to do anything except install apache. Well I was going to read about installing some security for my machine but spent all nite messing around with it so I went to bed. It is connected to my schools network. Well one of the people I work with, who knows linux fairly well, took it upon himself to hack my poor defenseless machine and he defaced the webpage that apache had setup. He said he got in using the sendmail bug I believe, that and something about the printer giving him super user access. He said it was turned on by default. He didn't damage the system but I decided to reinstall anyway choosing what I wanted. OK NOW WHAT CAN I DO TO MAKE MY BOX MORE SECURE. I read some of the stuff at Linuxnewbie.org and I turned off some of the daemons and things like that but what else can I do? I restriced access from my school's whole domain name but I saw him get around this rather quickly by telneting somewhere else than telneting to my server. Ok I do no want him to use the same exploit that he used the first time, If anyone knows what this exploit is please tell me so I can stop it, I dont think I installed it this time though. Also I was wondering how I can setup ftp accounts where I can upload webpages to my server using a normal account that I created myself. I want this account to be able to delete and create files in certain directories. Yikes sorry for making this such a long post. I would appreciate it if someone would help this newbler out.
Oh yeah he is going to start hacking my machine this monday so I need some security to stop him. He said "i am going to wait till monday, but just to give you a hint what i am going to try is: suEXEC - be sure to have that protected." Thanks, Brett
