On 01/10/2014 04:44 AM, Nick Holland wrote:
> On 01/10/14 01:36, agrquinonez wrote:
> ...
> [compromised box]
> ...
>> Ideas are going to be really appreciated, because i am not a technical guy.
>
> ok, this is the unpopular answer, but here it is anyway:
> Stop. You should not be running your own web and mail server.

Popular/unpopular: it is a dichotomy without any value!

> Years ago, I used to say that I could make a good case that anyone
> running a mail server or DNS server should require a license, for much
> the same reason as one should have a driver's license to drive on public
> roads: to indicate you have some minimum level of skill so you don't
> hurt others on the road. (NOT that I would in any way welcome more
> government involvement in the Internet).

I do not care about this comment!

> (I've run mail servers for around 35,000 users and maybe a hundred
> domains, and DNS for hundreds of domains...I'd consider myself BARELY
> sufficiently skilled to pass my hypothetical license requirement. I'm
> also probably better than 80+% of the people running DNS and e-mail
> systems in the Corporate World. Be scared.)

It seems good for you; I do not care about it!

> I exempted running a webserver because I felt that your average website
> was "safe" to other people...kinda like painting your own car -- you may
> do a lousy job, but no one has to look at your car/site. Well, these
> days of web applications pretty much means I was wrong, and yes, they
> are just as able to harm others on the Internet as mail and dns servers
> -- maybe even more so these days.

Oops, are we talking in tongues? What is the relation between feeling and objectivity?

> If you don't know how to track down what happened -- and more
> importantly, don't know how to KEEP it from happening in the first place
> -- you should not be running services on the Internet. Using OpenBSD
> does not render your system unbreakable, any more than putting a five
> year old behind the wheel of a "safe" car makes them or the world "safe".

Correction: if I do not yet know how to deal with this situation, then I should learn, no? And how do you think, "genius", that one can learn, if not by reading and testing?

> As for what happened in your case, with a total lack of facts from you,
> I'm going to say you left a guessable password on an account. Someone
> then threw a list of a few thousand username and password combinations
> at it, succeeded, and moved in, probably within 24 hours of your setup.
> If you think your password was really clever, that was almost CERTAINLY
> your problem, I've seen these lists, they are funny -- you can just
> imagine people patting themselves on the back over how clever their
> password is...and there it is on the list to be tried on thousands of
> boxes an hour.

You are really "interesting"; have you read about .php? I think that the breach came from PHP on the web server; it could be because of a wrong httpd.conf vhost, or directly via the web pages, or via sendmail, which does not really seem to be the case.

> The key thing to know is that Internet attacks are not a "oh, I was
> unlucky here" thing -- if you expose a service, you are under CONSTANT
> attack, if you have any kind of vulnerability, it WILL be exploited, and
> rather soon.
>
> Nick.
>

I do not share your way of seeing life, Nick; I am a responsible man!

Thanks for your comments.

agrquinonez.

PS:
Tito: I only have the mentioned services running.
ZE: I downloaded it from http://ftp.Openbsd.org; yes, it was checked; DokuWiki came from pkg_add; a password is never used; I do ssh-copy-id and then ssh key + passphrase.
Ville: No, I did not disable chroot for www.

Thanks to all.
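Added example, not part of the thread and not code from Nick or agrquinonez: two small checks that settle the one concrete question the exchange turns on, whether a password-guessing run against sshd is what got in. The first summarises "Failed password" / "Accepted password" lines per source address from an OpenSSH log (OpenBSD writes these to /var/log/authlog); the second reports the effective global PasswordAuthentication setting from an sshd_config, since "I use ssh keys" is only a defence if sshd is also told to refuse passwords (the compiled-in default is "yes"). The log lines and config fragments below are constructed; the line formats are OpenSSH's standard ones, and Match blocks in sshd_config are deliberately not evaluated.

```shell
#!/bin/sh
# Added example (not code from the original thread): checks for the
# "guessed password" scenario described in the reply above.
# Sample data below is constructed; paths assume OpenBSD defaults.

# sshguess_report FILE [THRESHOLD]
# Print "IP failures accepted-password-logins" for each source address that
# produced at least THRESHOLD (default 20) "Failed password" sshd lines.
# A non-zero third column means a guessing run ended in a successful login.
sshguess_report() {
    _file=${1:-/var/log/authlog}   # OpenBSD's sshd log location
    _th=${2:-20}
    awk -v th="$_th" '
        # Return the address following "from" in an sshd log line.
        function src(   i) { for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1); return "" }
        # "Failed password for [invalid user] NAME from IP port N ssh2"
        /sshd\[[0-9]+\]: Failed password for /   { f[src()]++ }
        # "Accepted password for NAME from IP port N ssh2"
        /sshd\[[0-9]+\]: Accepted password for / { a[src()]++ }
        END {
            for (ip in f) if (f[ip] >= th)
                printf "%s %d %d\n", ip, f[ip], a[ip] + 0
        }
    ' "$_file"
}

# sshd_password_auth FILE
# Print "yes" or "no": the effective global PasswordAuthentication value in
# an sshd_config. sshd takes the FIRST occurrence of a keyword, accepts
# "Keyword value" or "Keyword=value", and defaults to "yes" when the
# directive is absent. Match blocks are not evaluated (simplification).
sshd_password_auth() {
    _v=$(awk '{
        line = $0
        sub(/#.*/, "", line)          # strip comments
        gsub(/=/, " ", line)          # allow Keyword=value
        n = split(line, w)
        if (n >= 2 && tolower(w[1]) == "passwordauthentication") {
            print tolower(w[2]); exit
        }
    }' "$1")
    printf '%s\n' "${_v:-yes}"
}

# --- demonstration on constructed log lines ----------------------------------
tmp=$(mktemp) || exit 1
cat > "$tmp" <<'EOF'
Jan 10 01:12:03 gw sshd[4711]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 01:12:05 gw sshd[4712]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 01:12:09 gw sshd[4713]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jan 10 01:12:15 gw sshd[4714]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Jan 10 02:00:01 gw sshd[4720]: Failed password for invalid user oracle from 198.51.100.9 port 40000 ssh2
Jan 10 02:30:00 gw sshd[4730]: Accepted publickey for agr from 192.0.2.10 port 55000 ssh2: ED25519 SHA256:AAAA
EOF
# With a low threshold for the tiny sample; use the default 20 on a real log.
sshguess_report "$tmp" 3
rm -f "$tmp"
```

Run `sshguess_report /var/log/authlog` on the box in question; a source with many failures followed by an accepted password is the pattern Nick describes, and `sshd_password_auth /etc/ssh/sshd_config` printing "yes" means key-only use by the admin does not stop anyone else from trying passwords.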

