That is not a true story. If a hacker uses ssh from a hacked machine to hack other machines, logs are still kept on the hacked machine to show what the hacker did. If you are worried about such things, set up PKI-only ssh. My ssh server at home only accepts PKI keys as authentication, no passwords allowed. It's really easy to set up, and the most secure set up you can use. You might also want to set up an IPS/IDS. Even something simple like tripwire, which monitors file changes can clue you in.
But we are not talking about a commercial website. He is wanting to set up a personal website. Hackers don't target personal websites. Script kiddies do, only to set up a botnet or zombie host.. Make sure all patches are applied, and avoid using SQL if possible, and PKI-only SSH will leave you quite secure. Jeremiah E. Bess Network Ninja, Penguin Geek, Father of four On Thu, Apr 30, 2009 at 11:26, BluesRenegade <[email protected]>wrote: > If a hacker gets access to an account on the machine, then they can use > SSH and the sys admin cannot see what they're doing because of the > encryption used on all the data passing through the SSH connection, making > the hacker's activities even harder to detect. > > > Conrad Lawes wrote: > > The key reason for using ssh over ftp is security. By default, ssh traffic > is all encrypted. FTP, by default, transmits in clear-text. > Nowadays, you can perform many tasks without going to the command line > especially if you're using a distro such as Ubuntu or Fedora. With tools > such as phpmyadmin, webmin, gftp, and Joomla you can perform many tasks via > GUI or Web browser. Of course, it doesn't hurt to learn the CLI. > > > > On Thu, Apr 30, 2009 at 3:34 AM, Chris Miller < > [email protected]> wrote: > >> >> On Wed, Apr 29, 2009 at 10:01 PM, VENOM GRIM <[email protected]> >> wrote: >> > I just started using Linux and wanted to enjoy it as much as possible >> > so I decided to start a server to host my personal website. I was >> > wondering what the first step would be to get this setup. >> > >> > So far I have install Debian newest version and Apache2 PHP5 and >> > MYSQL.....I need to get my domain to point to my server and I also >> > need to get FTP setup... >> >> As I *ahem* have some experience with Debian 5 and webservers... >> >> 1) Check with your ISP. Most ISPs do NOT allow you to host servers of >> any kind (technically when I run a Nexuiz server I'm violating my >> ISP's usage agreement - ain't that special?) so that kicks you off to >> the mercy of a hosting provider. If you're still determined to learn >> how to use a full-blown Linux setup for a server, then I'd suggest a >> Virtual Private Server (VPS). They're real cheap, but give you all >> administrative benefits of a real, root-access Linux server. They do >> not have as much RAM, and the disk I/O sucks real bad as well. >> >> 2) Learn to use the command line. 99% of the work I do with Linux >> nowadays (I moved to Mac OS X for all my desktop word-processing, >> coding, etc.) is through the command line. When administering a >> server, all the tutorials are for the command line. All the utilities >> are for the command line. Do you see where I'm going with this? The >> command line is the golden tool to get anything and everything done. >> >> 3) I don't use FTP. It's slow, and I just have a general dislike of >> it. I prefer to use SSH (which is even slower, but it's a lot less >> irritating to get working). If you're still hell-bent on FTP, I'd >> suggest proftp (`apt-get install proftpd`). >> >> 4) Learn to read documentation. >> * manpages >> * google (just google - throw in the relevant keywords for whatever >> you're doing, and a mess of tutorials and blogs will pop out of the >> woodwork - honest!) >> * the Apache documentation (http://httpd.apache.org/docs/2.2/) is >> absolutely excellent and tells you almost everything you need to know >> about how to make your website work. >> >> 5) Have fun! Every time you use Linux, you're sticking it to the man! >> You're not paying the Microsoft tax, and that keeps showing them that >> no, making inferior crap just doesn't cut it. >> >> -- >> Registered Linux Addict #431495 >> http://profile.xfire.com/mrstalinman | John 3:16! >> http://www.fsdev.net/ | >> http://www.fsdev.net/~cmiller<http://www.fsdev.net/%7Ecmiller> >> Parents, Take Responsibility For Your Kids! http://www.whattheyplay.com/ >> >> >> > > > -- > Regards, > Conrad Lawes > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
