Date: Thu, 13 May 2010 06:59:16 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Artur Sentsov <sen4ik@gmail.com>
Cc: questions@freebsd.org
Subject: Re: From Arthur Sentsov - Questions from beginner
Message-ID: <4BEB9534.2020403@infracaninophile.co.uk>
In-Reply-To: <AANLkTinsunQZuTsxKkS-u0rsVlAlV0WrsGQ-8Zf51TLK@mail.gmail.com>
References: <AANLkTinsunQZuTsxKkS-u0rsVlAlV0WrsGQ-8Zf51TLK@mail.gmail.com>

On 13/05/2010 05:41:47, Artur Sentsov wrote:

> 1. I have freebsd server running apache and mysql. In logs I see around 100
> attempts to hack the server. Is that normal? what I have to do that after
> three wrong attempts to enter password server will block ip address?!

Do you mean attacks against the web server? Automated web probes
attempting to exploit various security flaws are, I'm afraid, completely
normal nowadays. The good news is that most of the probe attempts are
aimed at other operating systems, and could never work on FreeBSD. Even
so, you should take care to apply any available security patches promptly.

Unfortunately there aren't many good ways to automatically block
bruteforce attacks against web applications -- too many different ways
of implementing passwords in different web apps. Use good passwords
basically.

> 2. I use SSH to connect to server and work on it! Is that secure?

On the other hand, do you mean attempts to bruteforce attacks against
ssh? Again, this is unfortunately normal on the web nowadays.

Yes, ssh is generally secure. It's certainly better than alternative
means of remote access. If you have good passwords on your accounts,
the chances of any attacker being able to guess what they are is actually
very remote. So no need to run about in a complete panic. Take your
time to read up on the possible solutions and implement what works best
for you.

One very simple means you can use to make it completely impossible for
any attacker to bruteforce an ssh password on your machine is to use key
based authentication instead: no passwords means no possibility of them
being guessed. This will not stop bruteforce /attempts/ -- they are
usually done entirely automatically -- and the traces will still clog up
your log files, but you can safely ignore them.

This is a perennial topic on this list -- search the archives for many,
many reiterations of people giving realms of good advice about what to
do to defend yourself.

> 3. How to setup SAMBA on server?! I want my users to be able to upload files
> and download files from their folder. Users use windows.

Well, install one of the samba ports -- net/samba34 is probably your
best bet -- and read the very good documentation that comes with it.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
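
The following is an added example, not part of the message above or written by its author: a Python check that reads an sshd_config and reports every way password-style logins are still allowed, which is what decides whether switching to key based authentication actually removes the guessable secret. The function names and the sample configuration are constructed for illustration; a keyword that is absent is reported rather than assumed, because the default depends on the sshd build.

```python
import re

# ChallengeResponseAuthentication is the older name of KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Keywords that let a client log in with a guessable secret.
PASSWORD_METHODS = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    settings, overrides, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower()
        if key == "match":
            in_match = True          # everything below is conditional
        elif in_match:
            overrides.append((key, value))
        else:
            settings.setdefault(key, value)   # sshd keeps the first value it reads
    return settings, overrides

def password_login_findings(text):
    """List the reasons this config may still accept guessable passwords."""
    settings, overrides = parse(text)
    findings = []
    for method in PASSWORD_METHODS:
        value = settings.get(method)
        if value != "no":
            findings.append(f"{method}: {value or 'unset, build default applies'}")
    findings += [f"match block sets {k} {v}" for k, v in overrides
                 if k in PASSWORD_METHODS and v != "no"]
    if settings.get("pubkeyauthentication") == "no":
        findings.append("pubkeyauthentication: no (key login is disabled)")
    return findings

# Constructed sample: first PasswordAuthentication line wins; kbd-interactive is unset.
SAMPLE = """\
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""
```

Calling `password_login_findings(SAMPLE)` returns three findings; an empty list means every password-style method is explicitly set to `no` and no Match block turns one back on.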