Sorry to be a bit elementary, but if you're not colocating your box, and you don't often use SSH, you might want to consider disabling remote administrative things.
All your Windoze "friend" will try to do is exploit MySQL to pop a DOS shell into your system. It's an older trick; however, it works marvelously. Coax SQL into leaving a DOS shell in your web directory, then you have total control. I haven't personally had any experience with it (never bothered to try and hack - not exciting or rewarding) but I did read a hacker paper which outlined that tactic.

If you can't disable SSH for some reason, then limit MySQL access to localhost only. You'd have to use SSH/RDesktop to mess with your database, but I think that would close down a very big part of the Windoze zombie's main attack route.

Also watch out for denial-of-service attacks. There have been a lot of those problems in the Silicon Valley Linux Users' Group, which I am a member of.

Also, are you sure you're working with a "real" hacker? I met a "real" hacker at school once, and even with physical access to my laptop he couldn't crack it. Dumb Windows slave...

Nonetheless, if you use PHP, you should also be extra-careful to strip potentially malicious things from web submit forms.

If you can, what I'd do is try and get the guy's MAC address or something and then totally block that off. That'd send him away right quickly. I don't know enough to know if that'd be totally possible, but if the guy isn't terribly intelligent, that'll send him packing.

Hope I could be of help there!

--
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========
--
gentoo-user@gentoo.org mailing list
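
The advice in the message above to limit MySQL access to localhost only can be checked mechanically. This is an added example, not part of the original message: it parses my.cnf-style text and reports whether the server would accept TCP connections from other hosts. The function names and sample configs are constructed for illustration, and it assumes upstream MySQL behaviour, where a missing bind-address means the server listens on all interfaces.

```python
import ipaddress

SERVER_SECTIONS = {"mysqld", "server"}  # option groups read by the MySQL server

def mysqld_options(cnf_text):
    """Collect server options from my.cnf text ('-' and '_' are interchangeable in names)."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section in SERVER_SECTIONS:
            name, _, value = line.partition("=")
            value = value.split("#", 1)[0].strip().strip("\"'")
            opts[name.strip().lower().replace("_", "-")] = value
    return opts

def audit(cnf_text):
    """Return (ok, reason); ok is True when mysqld is not reachable from other hosts over TCP."""
    opts = mysqld_options(cnf_text)
    # A bare "skip-networking" line (empty value) enables the option.
    if opts.get("skip-networking", "off").lower() in ("", "1", "on", "true"):
        return True, "TCP disabled (skip-networking); local socket access only"
    addr = opts.get("bind-address")
    if addr is None:
        return False, "no bind-address; upstream default listens on all interfaces"
    if addr.lower() == "localhost":
        return True, "bound to localhost"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # "*", hostnames, or address lists: treat as exposed
        return False, f"bind-address {addr!r} is not a loopback IP"
    if ip.is_loopback:
        return True, f"bound to loopback address {ip}"
    return False, f"bind-address {ip} is reachable from the network"

# Constructed sample configurations (not taken from any real host).
EXPOSED = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
LOCAL_ONLY = "[client]\nport = 3306\n[mysqld]\nbind_address = 127.0.0.1  # loopback only\n"
SOCKET_ONLY = "[mysqld]\nskip-networking\n"
UNSET = "[mysqld]\ndatadir = /var/lib/mysql\n"

if __name__ == "__main__":
    for label, cnf in [("exposed", EXPOSED), ("local", LOCAL_ONLY),
                       ("socket", SOCKET_ONLY), ("unset", UNSET)]:
        print(label, audit(cnf))
```

A distribution's packaged my.cnf may already set bind-address, so run the check against the file the server actually reads.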