Considering the security of my server(RedHat6.1),and the every Linux
community,i talk to a big friend of mine(a hacker) to try to hack my
sistem,to test the server and see how the server respond to that kind of
attack.I've set the moust mix of words and numbers,like U7sxY4sF6 to be the
login and password to be hacked,we tried some commom ports and services
mail,ftp,protected www,etc.After about 3.5hs he got the login and passwd of
the sistem,pass my firewalls,and changed the main page to "Hello
Wellington,got you!"
he dont told me the "MAGIC" but he told me what tools he have used to do
so,here is the link:
http://members.xoom.it/_XOOM/d3sTr0y3r/webexploits.html
Now the question for the experts on this list:
1 - How can we(linux community) make ftp,telnet and mail server,not to
respond to a brute force attack?Like, give "3" chances for logins and
passwords for all services.
2 - How can i protect my sistem against portscans,backdor scanners?
3 - In case a hacker,snap in,changing the permission of the moust basic bins
like ,ls,vi,pico,cp,mv,cat,mail etc to chmod 700,will stop a possible
modification of some file or arquive?
I doesn't have a big company,and i'm not an linux master security admin,but
considering the riscs an big company may have,i put this questions and infos
here,cose hey,i've the RH6.1,i've read and re-read the howtos,security docs
and with some little programs he cam make a mess in some one.I know that is
impossible to make 100% secure box but 90% will do great for me.
My sistem:
Redhat6.1,PIII500Mhz,256MB,15GB U-ATA,Intel pro100 Lan card.
Ipchains DENY in all ports,ALLOW on ftp,mail,www like shows TrinityOS Proxy
off.
Thnaks!
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
