Comments on Ben's Journal: 10 Minutes To A More Secure Server

Ben Simon, 2007-11-18 10:48 (-05:00):

Ben -

Thanks for the ssh tunneling hack. I always forget about ssh tunneling and how handy it can be.

-Ben

Anonymous, 2007-11-16 00:22 (-05:00):

I have been SSH tunneling with VNC for years. Always felt like something was lacking since Remote Desktop performs so much better than VNC.

Then it hit me... even though it feels SO wrong, why not SSH tunnel my Remote Desktop connection? I was able to set it up with only slightly more effort than the VNC tunnel. Been working great for months.

I would much rather demo something to a client via remote desktop than VNC.

Ben Simon, 2007-11-15 19:20 (-05:00):

Ooh, knockd looks really cool - thanks for the pointer!

Yeah, I always forget about the possibilities with ssh tunneling.

Thanks for the suggestions, they're great ones.

Anonymous, 2007-11-15 15:59 (-05:00):

If you don't want to have ssh listening on a port open to the world, but also want to be able to access it from anywhere, try knockd (http://packages.debian.org/etch/knockd).

Additionally, I try to remember to make use of ssh tunneling whenever possible. For example, I run bincimapd on my mail server, but only on the loopback interface. To connect to it from my local machine, I just tunnel a port on my local to 127.0.0.1:143 on the mail server, set up my mail client to access IMAP on that local port, and voilà, I have access to my mail.

Ben Simon, 2007-11-15 09:33 (-05:00):

I've so been bitten by the open proxy issue!

It's amazing, because your server just begins to crawl - yet, it's not really obvious what's going on.

Makes you appreciate just how nasty the net can be.

And who are all these people who are using open proxies? I feel like there's a whole other world out there, I just can't appreciate.

Anonymous, 2007-11-15 01:51 (-05:00):

These are good steps to take for sure. Congrats on closing yet another potential security hole in the web.

I once installed a new version of Linux on my home server and was shocked to find tons of network traffic bogging down my cable modem days later. The guy on the phone couldn't tell me what was going on. I just assumed somebody overseas was launching DOS attacks against me. I had no idea why. He suggested we change my IP and see if the problem goes away.

It worked. For about a week. Then the onslaught of traffic returned. I eventually tracked the activity down to apache. I noticed tons of the requests hitting my server for web pages I didn't host. (Everything from porn to extreme porn.)

Eventually I learned that Mandrake 9.2 had shipped with proxy server turned on in Apache by default. This allowed any client to request any page from my poor little server and it would fetch the page and serve it up. Somehow the bot networks involved in some sort of click fraud found me and added me to their lists. After I plugged the hole it took about a day for them to realize I wasn't available anymore to serve their nefarious purposes and they left me alone.

Rough couple of days though... not even support could help.

-ben