> Date: Fri, 30 May 2008 23:18:33 -0700 > From: [EMAIL PROTECTED] > To: [email protected] > Subject: RE: Webserver question > > > herb Kornfeld wrote: > > > I would like to thank everyone for helping. I was just hoping for someone > > who > > had seen this problem before. > > I assume it is a wordpress issue that I did not configure properly. > > Strangely > > the blog works well within my personal network (yes I needed mysql and php). > > My question is probably better asked in a wordpress forum. If I figure it > > out > > I will print the solution. > > > > Also thanks to all for the security concerns. I was planning on a fresh > > install of the latest Fedora 9 anyway and forcing a new public IP address > > this > > weekend. > > It's been a while since I last installed wordpress, but as I recall you have > to tell it where in the webspace it will be found. Since you are using a > private IP address inside, you configured it to be > http://private.ip/wordpress. When someone tries to connect from outside the > connect to http://public.ip/wordpress and wordpress isn't there, it's still at > http://private.ip/worpress. > > You say you're behind a firewall and it's in the DMZ. Can you give more > information about what kind of firewall and what kind of DMZ. Most consumer > grade router/firewalls have "virtual" DMZs. They don't truly have network > separation between the "DMZ" and the lan. They simply punch holes in the > firewall to a specific host in the lan. This is fine, if you want to play > online games. However, if you want to serve web pages from an apache server, I > suggest this is insufficient security. Let me explain. > > Web servers are considered "sacrificial hosts". What this means is that from a > security point of view they are assumed to not be secure. They can and often > are compromised or hacked. If one of these "sacrificial hosts" lives in your > lan, then it becomes a jumping off point to compromise the rest of the > network. First things the hackers will do is install a key logger, a sniffer, > an irc server, and an open relay smtp server. They will then proceed to use > your server, to gather all your password and authentication information for > accessing your bank accounts. They'll relay this information back to > themselves and their buddies on irc, running on your server. And while they're > doing that they will be sending out a steady stream of spam from your server > for v****a, p***s and b****t enlargement. > > Word to the wise is sufficient. > > -- > Neil Schneider pacneil_at_linuxgeek_dot_net > http://www.paccomp.com > Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D > > "Work to eat, eat to live, live to bike, bike to work." -- Naomi Bloom > > -- > [email protected] > http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
---------------------------------------------------------------------------- I actually have two routers. One router strictly for my webserver which is put in the DMZ zone. Just in case the first router/webserver is compromised I have another router for my more important computers so they don't get effected (or that is my hope). _________________________________________________________________ Change the world with e-mail. Join the i’m Initiative from Microsoft. http://im.live.com/Messenger/IM/Join/Default.aspx?source=EML_WL_ChangeWorld-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
