[Watford] Watford Digest, Vol 136, Issue 2

[Toby Deans]

Re : Alain

> I notice that we were attacked last night from China, part of /var/log/messages:

That is why I run the deny hosts script: Attacks from China, Russia
and Brazil are endemic - I look at my deny hosts logs on my machines
and it is the usual culprits.

Moving ssh to a non-standard port would clear a lot of this -


> So, like it or not, we do need to take security seriously. I doubt that Magnus would like to
> have one of his IP addresses end up in a RBL!

I agree - I think ultimately port 80 and port 22 (or whatever we agree
on for ssh) only - FTP is not really necessary as we can use SFTP
anyway. The GUI I think we can lock down with .htaccess or at Magnus's
place and then use port forwarding as Steven suggests?


> In moving rsync to xinetd - we broke it. I have now fixed this and successfully done a backup.
> Note that rsync is restricted to my machine that does the backups.

You are king of rsync.

On a happy note, the forum doesn't do gateway timeouts now that Yvan
increased the php script time - I've still not seen anyone else try
the forum yet? Is it working ok for you to register?

Plum