few general questions

To: <debian-user@lists.debian.org>
Subject: few general questions
From: "Brett Fowlkes" <lestat@elp.rr.com>
Date: Sat, 4 Mar 2000 15:57:53 -0700
Message-id: <[🔎] CCECJNMLBKJJNLNCHCMEAENNCAAA.lestat@elp.rr.com>
In-reply-to: <[🔎] 20000304140252.A2312@cmc.net>

Ok am new to the list but I have a few questions.  I am completely new to
Linux and I decided to install Debian 2.1 using the book Learning Debian by
Bill McCarty I think, pretty good book it seems.  Well anyway I opted for
the standard workstation install that was about 400 and some odd megabytes.
Well the purpose of this linux box was to set it up as a webserver for my
newly acquired domain name.  I then installed Apache and was surprised to
see that I could go to the page on internet explorer via my ip#, didn't even
have to do anything except install apache.  Well I was going to read about
installing some security for my machine but spent all nite messing around
with it so I went to bed.  It is connected to my schools network.  Well one
of the people I work with, who knows linux fairly well, took it upon himself
to hack my poor defenseless machine and he defaced the webpage that apache
had setup.  He said he got in using the sendmail bug I believe, that and
something about the printer giving him super user access.  He said it was
turned on by default.  He didn't damage the system but I decided to
reinstall anyway choosing what I wanted.  OK NOW WHAT CAN I DO TO MAKE MY
BOX MORE SECURE.  I read some of the stuff at Linuxnewbie.org and I turned
off some of the daemons and things like that but what else can I do?  I
restriced access from my school's whole domain name but I saw him get around
this rather quickly by telneting somewhere else than telneting to my server.
Ok I do no want him to use the same exploit that he used the first time, If
anyone knows what this exploit is please tell me so I can stop it, I dont
think I installed it this time though.  Also I was wondering how I can setup
ftp accounts where I can upload webpages to my server using a normal account
that I created myself.  I want this account to be able to delete and create
files in certain directories.  Yikes sorry for making this such a long post.
I would appreciate it if someone would help this newbler out.

Oh yeah he is going to start hacking my machine this monday so I need some
security to stop him.  He said "i am going to wait till monday, but just to
give you a hint what i am going to try is: suEXEC - be sure to have that
protected."

Thanks,

Brett

Reply to:

Follow-Ups:
- Re: few general questions
  - From: George Bonser <grep@shorelink.com>

References:
- Re: 2.1r2 (Official) 8 gig partition size barrier
  - From: hillyer@cmc.net

Prev by Date: Re: 2.1r2 (Official) 8 gig partition size barrier
Next by Date: Re: few general questions
Previous by thread: Re: 2.1r2 (Official) 8 gig partition size barrier
Next by thread: Re: few general questions
Index(es):
- Date
- Thread