what www perl script is running?

Colin Brace cb at lim.nl
Tue Aug 25 13:16:50 UTC 2009



Bill Moran wrote:
> 
> You can add an ipfw rule to prevent the script from calling home, which
> will effectively render it neutered until you can track down and actually
> _fix_ the problem.
> 
> In reality, good security practice says that you should have IPFW (or some
> other firewall) running and only allowing known good traffic right from
> the start, which might have protected you from this in the first place.
> 

Bill,

I am surprised you would think I have no firewall. As long as I have had the
server (2 years), I have had PF installed and running, and I can tell you
exactly which incoming ports I have open to the net:

tcp_services = "{ ssh smtp www https 4661 4662 52550 }"

the last three are for edonkey and bittorrent, resp.

c'est tout. 

There are no *obvious* weaknesses, i.e., ssh is private-key only.

That being said, I leave the WiFi open to everyone, with the following ports
available:

wifi_tcp_services = "{ ftp ssh bootps whois domain www imap imaps ntp irc https sunrpc dict nfs 2628 3689 4711 6667 6909 23398 }"

Should I entertain the possibility that someone parked their car near my
house and hacked in through one of the above ports?

Any suggestions as to where to start looking for the breach would be most
welcome; I am quite new to this game.
Thanks.

-----
  Colin Brace
  Amsterdam
  http://lim.nl
-- 
View this message in context: http://www.nabble.com/what-www-perl-script-is-running--tp25112050p25134056.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
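
Added example, not part of the original message or of either poster's configuration: a PF version of the containment rule suggested in the quoted reply (written there for ipfw), combined with default-deny filtering. The interface name em0 and the assumption that the web server and its CGI scripts run as user www are not from the post; tcp_services is the macro quoted above.

```pf
# pf.conf fragment (illustrative; adapt before use)

# Assumption: name of the Internet-facing interface, not given in the post
ext_if = "em0"

# Inbound services, as listed in the post
tcp_services = "{ ssh smtp www https 4661 4662 52550 }"

# Do not filter loopback traffic
set skip on lo0

# Default deny in both directions, and log what is dropped
block log all

# Inbound: only the listed services; replies are covered by the state entry,
# so the web server can still answer requests it receives
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state

# Containment: processes owned by user www (assumed web server account)
# may not open new outbound connections. "quick" stops rule evaluation here,
# "log" records each attempt on pflog0.
block out log quick on $ext_if proto { tcp udp } all user www

# All other locally originated traffic is allowed out
pass out on $ext_if proto { tcp udp icmp } all keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. Attempts blocked by the containment rule can be read with `tcpdump -n -e -ttt -i pflog0`, which shows the destination the script is trying to contact.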


