At 3:50 AM -0500 5/7/02, Glen Lee Edwards wrote:

>Rodolfo J. Paiz writes:
>>It is true that Glen should never have been hacked three times, and that
>>this fact alone shows carelessness or ignorance bordering on
>>irresponsibility. It is also true that most of us are, at one time or
>
>Some things we need to get clear here:
>
>The first time I was hacked was on a remote Linux server I was leasing which was
>behind a firewall that I did not control.

...snip...

I was in a similar position, last year. I leased a Cobalt RaQ3i. Many Cobalt boxes (running a customized version of RH 5.1, BTW) were hacked - find an exploit in one Cobalt box and you can get into nearly all of the rest.

>The second time I was hacked, it was on my home system. I immediately wiped the
>computer and upgraded it as far as I could considering that the Red Hat
>installer no longer runs on 16 MB RAM.

I TOTALLY understand Glen's defensiveness, here. This list is naturally a bit loyal to Red Hat, since we all are using it and have spent a considerable amount of time setting up and maintaining it.

That said, RAM is CHEAP and has been for well over a year. A 256 MB PC100/133 chip has been around $50 for a very long time. IMO, using a computer with only 16 MB of RAM on it is completely unnecessary. Someone could literally save their pocket change for a few months and be able to purchase at least a 32 MB chip. Thus, Glen's argument on this point is feckless, as far as I'm concerned.

>The third time I was hacked WHOEVER HACKED ME FOUND A SECURITY HOLE IN EITHER
>NAMED OR SENDMAIL. THERE WERE NO OTHER PORTS ACTIVE. I HAD ONLY NAMED AND
>SENDMAIL RUNNING. ALL OTHER SERVICE PORTS WERE CLOSED. TELNET, INETD, and FTP
>WEREN'T EVEN INSTALLED.

Both "named" and sendmail have had known exploits for some time. Regardless of the OS or distribution, we ALL have to keep updated on revisions or "patches". Be glad that you are running Linux (or even Red Hat's version of it). Those poor MS people are downloading and installing patches almost daily - and that is not an exaggeration!

Hackers (i.e. "Crackers") are a very dedicated group. If you don't STAY current, you're screwed! It's just a question of when, and how bad, you're going to get hit.

>The only mistake I made was in remaining loyal to Red Hat after they adopted a
>policy to put out distributions that I can't install. I should have immediately
>dumped them.

I know of NO OSes or distros that run WELL on 16 MB of RAM. Perhaps I'm ignorant of some esoteric Linux-based OS that will run on the technological equivalent of vacuum tubes. That's entirely possible, primarily because it seems so completely unnecessary to even consider such a thing.

Updating server software is only the responsibility of the manufacturer (e.g. Red Hat) IF the consumer/user stays CURRENT with the version of their distribution (in this case, RH 7.3). Red Hat can't know what software a particular server is running without implementing some SERIOUS "spyware" on that same system. Nor should they be responsible for making any necessary updates or "patches" for free, when found.

Just my rigid opinion. Feel free to disregard it, entirely. ;-)

Patrick Beart

--
------------------------------------------------
Web Architecture & "iWeb4Biz"
503-774-8280 Portland, OR
Internet Consulting, Intelligent Web site Development & Secure site Hosting.
http://www.WebArchitecture.com/

"This is an era when nonsense has become acceptable and sanity is controversial." - Thomas Sowell
------------------------------------------------

_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list