It's really not that hard to secure a server reasonably. You should do your best to have your own dedicated machine, close off everything that you don't need in inetd (or turn off inetd completely). If you have apache, then you have port 80 open for webpages, that's fine. If you have ftp, like proftpd that opens port 21, make sure that you turn off anonymous logins, and even then limit users to their own home directory as root. Use SSH, not something like telnet, etc. If you're really paranoid, only allow SSH connections from your IP. Any user account you add, restrict it to only what they need (preferably not SSH (take away their shell)); only allow them access to ftp. The list goes on, but it's all common sense really. Restrict those who aren't you to the bare minimum they need, keep strong passwords (esp. root), close all ports that you don't have a use for, and keep up to date on exploits for services you're running...
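
An added example, not part of the original post: a read-only shell audit for the inetd, account-shell and proftpd steps above. The function names, finding labels and sample files are constructed for illustration; `<Anonymous>`, `DefaultRoot` and `RequireValidShell` are ProFTPD directives.

```shell
#!/bin/sh
# Added example: read-only checks for the hardening steps described above.
# Each function takes a file path, so it can run on copies of the real files.

# inetd.conf: print every service that is still enabled (not commented out).
inetd_enabled() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# passwd(5): print accounts that keep a login shell, skipping the admin
# names given in $2 (space separated). An empty field 7 means /bin/sh.
accounts_with_shell() {
    awk -F: -v keep=" $2 " '
        index(keep, " " $1 " ") { next }
        $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# proftpd.conf: flag an <Anonymous> section, a missing "DefaultRoot ~"
# (no confinement to the home directory), and RequireValidShell left on
# (ProFTPD's default), which refuses users whose shell is not in /etc/shells.
proftpd_findings() {
    grep -Eiq '^[[:space:]]*<Anonymous[[:space:]>]' "$1" && echo anonymous-enabled
    grep -Eiq '^[[:space:]]*DefaultRoot[[:space:]]+~' "$1" || echo no-chroot
    grep -Eiq '^[[:space:]]*RequireValidShell[[:space:]]+off' "$1" || echo valid-shell-required
    return 0
}

# Constructed sample files (not from any real host) for a dry run.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$d/inetd.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'webftp:x:1001:1001::/home/webftp:/sbin/nologin' > "$d/passwd"
    printf '%s\n' 'ServerName "example"' '<Anonymous ~ftp>' '</Anonymous>' > "$d/proftpd.conf"
    echo "inetd: $(inetd_enabled "$d/inetd.conf")"
    echo "shells: $(accounts_with_shell "$d/passwd" root)"
    echo "proftpd: $(proftpd_findings "$d/proftpd.conf" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

The `valid-shell-required` finding matters once shells are taken away: an FTP-only account with a shell that is not listed in `/etc/shells` cannot log in to ProFTPD until `RequireValidShell off` is set or the shell is listed there.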
