In response to prad <[email protected]>: > i just received this 'threat' from someone on a forum:
Stay off that forum. Sounds annoying to me. > "+1.2507437628 <-- And....,yes of course this is a fax, but I could > write and execute a script that would have some real fun with it.. > Don't you think. Especially from a BSD server ;) > > You missed a small back door, if you're nice I'll help you close it. ;)" > > i am very curious as to what script this person can write to have fun > with a fax number. what are they going to do - send me junk faxes > instead of junk emails? Sure. It costs almost nothing to send a fax message, and he could send it over and over and run you out of paper and ink while you're sleeping. Infantile, yes. > however, i'm very curious about the back door. what backdoors are there > on what is pretty well a freebsd server default setup? i have disabled > password access. there are some php forms, but i use the proper way to > set variables. are there other things i should be thinking about? Sure, there's 1000000000 things. Start by running a nmap scan from a different computer and see what ports are open. Investigate each program listening on those ports to ensure it's properly secured. Making secure web forms is too complex to discuss in a single email. Of course, the "someone" could just be spouting off. A few years ago, I had someone claim that they could break into my server because my ports weren't "stealth" (i.e., because they returned RST packets instead of just dropping the syns). I invited the idiot to prove it by breaking in, which he never accomplished. Some people brag without being able to back it up. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
