Justin Buist Wrote:
> a) Where they telnetted in? If yes, why do you have telnet enabled?
> Turn it off, switch to ssh.
>
> b) Did you install the CF documentation? Don't do that -- there's holes
> in it that allow modification of the system.
Maybe I should have been a little more clear. I *JUST* finished the install
yesterday afternoon. The computer in question is a personal machine that I
use for devel work at home. It's installed behind a Linksys router/switch
and I have it currently set up in the DMZ hosting option. I know I need to
switch to port forwarding, but it was easier to do the DMZ.
I haven't installed SSH because I'm not a Linux guru and haven't had a
chance to find a HowTo to do it. I've also been reading the Apache docs
until the wee hours of the morning and am recovering from that headache.
I did install the docs... care to give suggestions as to how I can close the
hole now?
Tom Jordahl Wrote:
> Actually the example applications (a separate question in the install) are
> where problems might be found. They are locked down to 'localhost', but
we still
> don't recommend installing them on a production machine.
Okay, those I did not install... odd.
Katherine Villyard Wrote:
> Nobody probably came with your distribution and does not need a shell to
> run cold fusion. Set their default shell to /bin/false. It should also
> already have a password.
I don't have a user entry for "nobody", just a group entry. I tried
telnetting in and logging in with the username of "nobody" and it wouldn't
let me in. The only other place that I see "nobody" is in the email alias
setup.
Thanks for the replies and the information!
Hatton
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
