Date: Fri, 19 Jun 2009 14:39:35 -0400 From: Bill Moran <wmoran@potentialtech.com> To: prad <prad@towardsfreedom.com> Cc: freebsd-questions@freebsd.org Subject: Re: backdoor threat Message-ID: <20090619143935.6c28be98.wmoran@potentialtech.com> In-Reply-To: <20090619111234.6883afd2@gom> References: <20090619111234.6883afd2@gom>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to prad <prad@towardsfreedom.com>: > i just received this 'threat' from someone on a forum: Stay off that forum. Sounds annoying to me. > "+1.2507437628 <-- And....,yes of course this is a fax, but I could > write and execute a script that would have some real fun with it.. > Don't you think. Especially from a BSD server ;) > > You missed a small back door, if you're nice I'll help you close it. ;)" > > i am very curious as to what script this person can write to have fun > with a fax number. what are they going to do - send me junk faxes > instead of junk emails? Sure. It costs almost nothing to send a fax message, and he could send it over and over and run you out of paper and ink while you're sleeping. Infantile, yes. > however, i'm very curious about the back door. what backdoors are there > on what is pretty well a freebsd server default setup? i have disabled > password access. there are some php forms, but i use the proper way to > set variables. are there other things i should be thinking about? Sure, there's 1000000000 things. Start by running a nmap scan from a different computer and see what ports are open. Investigate each program listening on those ports to ensure it's properly secured. Making secure web forms is too complex to discuss in a single email. Of course, the "someone" could just be spouting off. A few years ago, I had someone claim that they could break into my server because my ports weren't "stealth" (i.e., because they returned RST packets instead of just dropping the syns). I invited the idiot to prove it by breaking in, which he never accomplished. Some people brag without being able to back it up. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090619143935.6c28be98.wmoran>