Odds are the distro should have had a 'nobody' account already created and
setup properly. Unless you went out of your way to fiddle w/ the acocunt
no modifications should need to be made.
I have a few questions though:
a) Where they telnetted in? If yes, why do you have telnet enabled?
Turn it off, switch to ssh.
b) Did you install the CF documentation? Don't do that -- there's holes
in it that allow modification of the system.
FYI, firewalls are useless if your web-code is what's actually letting the
user in.... which is probably the case if you have the cf docs installed.
Justin Buist
Trident Technology, Inc.
4700 60th St. SW, Suite 102
Grand Rapids, MI 49512
Ph. 616.554.2700
Fx. 616.554.3331
Mo. 616.291.2612
On Thu, 26 Jul 2001, Herman Cremer wrote:
>
> There should be a user -nobody- to run CF as.
> I prefer to run it as the same user as apache.
>
>
> Close the hole with a firewall. -if you have one....else....GET ONE!!!!
>
> Create a user called nobody, assign a password to it,
> give it a shell of /bin/false,
> this way it should not be able to log in.
>
> Hope it helps.
>
>
>
> -----Original Message-----
> From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 26, 2001 3:27 PM
> To: CF-Linux
> Subject: Help with possible security problem
>
>
> Hey folks,
>
> I just recently reinstalled Linux and set up CF. When I set everything up I
> used the default "nobody" user to run the service.
>
> This morning I log in and find "nobody" logged in from 64.13.147.85 and
> ftp'ing to hobbiton.org!!! They disconnected after I tried to talk to them,
> and to this point I haven't seen them back in.
>
> Is there some way that I need to close this hole? I did not create a login
> for "nobody", but would it hurt CF if I did and assigned a password?
>
> HALP!!!!
> Hatton
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
