From owner-freebsd-questions@FreeBSD.ORG Thu May 13 10:30:05 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E82F106566C for ; Thu, 13 May 2010 10:30:05 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id 7F4628FC15 for ; Thu, 13 May 2010 10:30:04 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1OCVg2-0002a0-S5 for freebsd-questions@freebsd.org; Thu, 13 May 2010 12:30:02 +0200 Received: from dsl-trebrasgw1-fe5efa00-207.dhcp.inet.fi ([84.250.94.207]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 13 May 2010 12:30:02 +0200 Received: from pekka.niiranen by dsl-trebrasgw1-fe5efa00-207.dhcp.inet.fi with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 13 May 2010 12:30:02 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org connect(): No such file or directory From: Pekka Niiranen Date: Thu, 13 May 2010 13:27:43 +0300 Lines: 76 Message-ID: <4BEBD41F.1080703@pp5.inet.fi> References: <4BEB9534.2020403@infracaninophile.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: dsl-trebrasgw1-fe5efa00-207.dhcp.inet.fi User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) In-Reply-To: <4BEB9534.2020403@infracaninophile.co.uk> Cc: questions@freebsd.org, Artur Sentsov Subject: Re: From Arthur Sentsov - Questions from beginner X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2010 10:30:05 -0000 Matthew Seaman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 13/05/2010 05:41:47, Artur Sentsov wrote: > >> 1. I have freebsd server running apache and mysql. In logs i see around 100 >> attempts to hack the server. Is that normal? what i have to do that after >> three wrong attempts to enter password server will block ip address?! > Use pf -filter to collect attempts to a list. That list will then be used to block attempts in future (aka bruteforce option). > Do you mean attacks against the web server? > > Automated web probes attempting to exploit various security flaws are, > I'm afraid, completely normal nowadays. The good news is that most of > the probe attempts are aimed at other operating systems, and could never > work on FreeBSD. Even so, you should take care to apply any available > security patches promptly. Unfortunately there aren't many good ways to > automatically block bruteforce attacks against web applications -- too > many different ways of implementing passwords in different web apps. > Use good passwords basically. > >> 2. I use SSH to sonnect to server and work on it! Is that secure? > > On the other hand, do you mean attempts to bruteforce attacks against > ssh? Again, this is unfortunately normal on the web nowadays. > > Yes, ssh is generally secure. It's certainly better than alternative > means of remote access. > > If you have good passwords on your accounts, the chances of any attacker > being able to guess what they are is actually very remote. So no need > to run about in a complete panic. Take your time to read up on the > possible solutions and implement what works best for you. > > One very simple means you can use to make it completely impossible for > any attacker to bruteforce an ssh password on you machine is to use key > based authentication instead: no passwords means no possibility of them > being guessed. This will not stop bruteforce /attempts/ -- they are > usually done entirely automatically -- and the traces will still clog up > your log files, but you can safely ignore them. > > This is a perennial topic on this list -- search the archives for many, > many reiterations of people giving realms of good advice about what to > do to defend yourself. > >> 3. How to setup SAMBA on server?! I want my users to be able to upload files >> and download files from their folder. Users use windows. > > Well, install the one of the samba ports -- net/samba34 is probably your > best bet -- and read the very good documentation that comes with it. > > Cheers, > > Matthew > > - -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > Kent, CT11 9PW > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.14 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvrlTQACgkQ8Mjk52CukIzQWwCePA1dH42HG4DH+yI9wkrUOXrq > M2IAn1B19pICPnD6F47CPYDXQptq4Aad > =dCkW > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >