If memory serves the CF documentation would be installed under 'cfdocs'
right under your WWW document root. However, somebody corrected me --
it's not the docs that cause the holes, just the example applications.
To get ssh running just grab your distro specific package, they should all
be providing one. BTW, what distro is this?
Grab nmap while you're at it and use it to portscan your own machine. If
you don't know why a port's open, find out, then shut it down. The only
thing I'd leave open are http (80) and ssh (22). Beyond that, either kill
the service, secure the service, or use ipchains to restrict access to it
from anything not on your LAN.
BTW, if you're concerned with security, it's a good idea to wipe clean and
reinstall after you beleive you've been hacked, then restore data from a
backup that's known to be untainted. That's probably overkill for your
situation though.
Justin Buist
Trident Technology, Inc.
4700 60th St. SW, Suite 102
Grand Rapids, MI 49512
Ph. 616.554.2700
Fx. 616.554.3331
Mo. 616.291.2612
On Thu, 26 Jul 2001, C. Hatton Humphrey wrote:
> Justin Buist Wrote:
> > a) Where they telnetted in? If yes, why do you have telnet enabled?
> > Turn it off, switch to ssh.
> >
> > b) Did you install the CF documentation? Don't do that -- there's holes
> > in it that allow modification of the system.
>
> Maybe I should have been a little more clear. I *JUST* finished the install
> yesterday afternoon. The computer in question is a personal machine that I
> use for devel work at home. It's installed behind a Linksys router/switch
> and I have it currently set up in the DMZ hosting option. I know I need to
> switch to port forwarding, but it was easier to do the DMZ.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
