From: Bill Moran
To: prad
Cc: freebsd-questions@freebsd.org
Date: Fri, 19 Jun 2009 14:39:35 -0400
Subject: Re: backdoor threat
Message-Id: <20090619143935.6c28be98.wmoran@potentialtech.com>
In-Reply-To: <20090619111234.6883afd2@gom>

In response to prad:

> i just received this 'threat' from someone on a forum:

Stay off that forum.  Sounds annoying to me.

> "+1.2507437628 <-- And....,yes of course this is a fax, but I could
> write and execute a script that would have some real fun with it..
> Don't you think. Especially from a BSD server ;)
>
> You missed a small back door, if you're nice I'll help you close it.
> ;)"
>
> i am very curious as to what script this person can write to have fun
> with a fax number. what are they going to do - send me junk faxes
> instead of junk emails?

Sure.  It costs almost nothing to send a fax message, and he could send
it over and over and run you out of paper and ink while you're sleeping.

Infantile, yes.

> however, i'm very curious about the back door. what backdoors are there
> on what is pretty well a freebsd server default setup? i have disabled
> password access. there are some php forms, but i use the proper way to
> set variables. are there other things i should be thinking about?

Sure, there's 1000000000 things.  Start by running a nmap scan from a
different computer and see what ports are open.  Investigate each program
listening on those ports to ensure it's properly secured.  Making secure
web forms is too complex to discuss in a single email.

Of course, the "someone" could just be spouting off.  A few years ago, I
had someone claim that they could break into my server because my ports
weren't "stealth" (i.e., because they returned RST packets instead of
just dropping the syns).  I invited the idiot to prove it by breaking in,
which he never accomplished.  Some people brag without being able to
back it up.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
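
The port check suggested in the reply above (scan from another machine, then look at every listening program) can be made repeatable. This is an added example, not part of the original message: it reads nmap's grepable output (`-oG`) and lists open ports that are not on an allowlist. The sample scan, the address 192.0.2.10 and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: list open ports from an nmap grepable report (-oG)
# that are not on the list of services you intend to expose.

# Constructed sample of `nmap -oG -` output; 192.0.2.10 is a documentation address.
sample_scan() {
    printf '# Nmap scan report (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/closed/tcp//smtp///, '
    printf '80/open/tcp//http///, 3306/open/tcp//mysql///, 514/open|filtered/udp//syslog///\n'
}

# Assumption: the only services this server is meant to offer.
ALLOWED="22/tcp 80/tcp"

# Read grepable nmap output on stdin; print "port/proto service" for each open port.
# Entry layout: port/state/protocol/owner/service/rpcinfo/version/
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            for (i = 1; i <= NF; i++) {
                field = $i
                if (field !~ /^Ports: /) continue
                sub(/^Ports: /, "", field)
                n = split(field, entries, /, */)
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open") print f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Print the open ports that are missing from the allowlist given as $1.
unexpected_ports() {
    allowed=$1
    open_ports | while read -r port service; do
        case " $allowed " in
            *" $port "*) ;;                                  # expected service
            *) printf '%s %s\n' "$port" "${service:-unknown}" ;;
        esac
    done
}

# Each line printed here is a listener to investigate or shut down.
sample_scan | unexpected_ports "$ALLOWED"
```

Against a real scan, pipe the saved report into `unexpected_ports` in place of `sample_scan`. Ports reported as `open|filtered` are skipped here and need a separate look.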