backdoor threat

Gary Gatten Ggatten at
Mon Jun 22 14:59:44 UTC 2009

OK - this thread is scaring me.  Anything that involves a "backdoor"
threat is very concerning - I keep looking over my shoulder to make sure
no one is sneaking up on me!

-----Original Message-----
From: owner-freebsd-questions at
[mailto:owner-freebsd-questions at] On Behalf Of Bill Moran
Sent: Monday, June 22, 2009 8:00 AM
To: prad
Cc: freebsd-questions at
Subject: Re: backdoor threat

In response to prad <prad at>:
> > Sure, there's 1000000000 things.  Start by running an nmap scan from a
> > different computer and see what ports are open.  Investigate each
> > program listening on those ports to ensure it's properly secured.
> ok this is really neat!
> we did the scan and found what the open ports are.
> so the first one we changed was the ssh.
> then a friend said he assigns ports that are not used in
> so i presume this means for instance if we change the http port, we'll
> have to tell our http server to do business on that port?

Moving programs to different ports is not a viable security technique.
It really only slows down a potential attacker a little bit.

My point in suggesting the port scan was for _you_ to know,
what programs are potential attack vectors.  Moving your web server to
a different port will make it difficult for people you _want_ to use it
to find it.  And it won't make it significantly more difficult for

> is this what you mean by ensuring that the program listening on a port
> is properly secured? or is there something else?

Every program has its own list of steps to secure it.  Once you know
programs need to be secured, you can then address each one individually.

For example, it seems you've already taken reasonable steps with sshd,
disabling password login and only using keys.  You can go a few steps
further by ensuring that the only accounts that can login are those that
you want to have access, and then installing a program that
blocks IPs that have too many failed login attempts.

With all programs, you want to make sure that you've got the latest
that have all known bugs patched.

With apache, you should disable modules that you aren't using, and
that any interpreters (such as PHP) are limited to only the
that is needed.

It's also good general practice to configure a packet filter (such as pf
or ipfw) that only allows traffic that you know is good.  That way, if
someone manages to install a trojan, it's neutered because it can't
communicate back to its control site.

> > Making secure web forms is too complex to discuss in a single email.
> > 
> ok we'll look into this further. we really don't have too many web
> forms and the forum software we use is punbb which i think they
> (rickard et al) take good care of.

Again, make sure you keep this software up to date, so you have the
bug fixes.  Installing portaudit and making sure you get the nightly
emails from it is a good idea.

Bill Moran
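Bill's advice above is to scan from another machine, then account for every program that is listening. The script below is an added example, not something from this thread or from FreeBSD itself: it does the complementary host-side check by parsing `sockstat -4l` output (the FreeBSD tool that lists listening IPv4 sockets) and reporting any listener that is not in a baseline of expected "command:port" pairs. The sockstat sample and the baseline are constructed for illustration; on a real host you would pipe `sockstat -4l | unexpected "$BASELINE"` and keep the baseline under version control so an unexplained new listener stands out.

```shell
#!/bin/sh
# Audit listening sockets against a known-good baseline.
# Constructed sample of `sockstat -4l` output (FreeBSD); not captured from a real host.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   4  tcp4   *:22                  *:*
www      httpd      740   3  tcp4   *:80                  *:*
www      httpd      740   4  tcp4   *:443                 *:*
root     syslogd    455   7  udp4   *:514                 *:*
nobody   perl       9123  3  tcp4   *:8123                *:*
mysql    mysqld     701   10 tcp4   127.0.0.1:3306        *:*'

# Baseline of listeners you expect, as "command:port" pairs.
# Assumed values for this example; edit to match your own host.
BASELINE='sshd:22 httpd:80 httpd:443 syslogd:514 mysqld:3306'

# listeners: read sockstat output on stdin, skip the header line, and print
# "command port" for each socket.  The local address is field 6 and may be
# either "*:22" or "127.0.0.1:3306", so the port is the last ":"-separated part.
listeners() {
    awk 'NR > 1 { n = split($6, a, ":"); print $2, a[n] }'
}

# unexpected: print every "command port" from stdin that is not in the
# baseline passed as $1.  Padding with spaces makes the case match exact.
unexpected() {
    baseline="$1"
    listeners | while read -r cmd port; do
        case " $baseline " in
            *" $cmd:$port "*) ;;          # known-good listener, stay quiet
            *) echo "$cmd $port" ;;       # not in baseline: investigate this program
        esac
    done
}

# Demo run on the constructed sample; prints "perl 8123".
printf '%s\n' "$SAMPLE_SOCKSTAT" | unexpected "$BASELINE"
```

A hit here means exactly what Bill says: find out which program owns that port, why it is running, and whether it belongs on the machine at all, rather than simply moving it to another port.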
