"It's often infeasible to use VPNs, especially for remote teleworkers."

If that is the case then I think it is still better to just forward the ports that you need instead of opening everything up completely.

"Webmin got compromised through a remote exploit (non-root), but since he used webmin to manage his SQL server, they went through the SQL logs and tried the SQL password as root. Presto!"

This is probably what happened to me as well. I had webmin installed and used the same password everywhere. The attacker installed some kind of remote control DoS bot. I found this out because netstat showed a bunch of connections to IRC servers even though there were no IRC clients installed.

--Phil

On 5/16/07, Andrew Kohlsmith <[EMAIL PROTECTED]> wrote:
On Wednesday 16 May 2007 3:36 pm, Phil Oxrud wrote:
> I strongly disagree. It is a very bad idea to keep all of those ports open
> to the public. It is much better to have a VPN link and then access the
> server that way.

It's often infeasible to use VPNs, especially for remote teleworkers. Postgres comms are done over SSL, so the only thing that's really open is the Manager interface, which has read-only access anyway, but I agree with you in principle.

> I set up trixbox at a medium sized company (120 people) and had it on its
> own public IP. After 2 days it was rooted. I realized this when the machine
> took down the network.

That doesn't tell me anything, unfortunately. Rooted how?

I had an associate who used the same SQL password as their root login and also used webmin. Webmin got compromised through a remote exploit (non-root), but since he used webmin to manage his SQL server, they went through the SQL logs and tried the SQL password as root. Presto!

Again, no firewall will protect you in that scenario. A VPN would have helped, yes.

-A.
