Hey,
You want to make sure you're using ssh2, in fact. SSH1 has crypto vulnerabilities -- they're unlikely, but possible.
The goal is to make sure that no traffic to your box is using plaintext passwords. Of course, your paysite users are, but those accounts aren't important. If you implement your pop3 accounts as virtual (i.e., no associated UNIX account) then you can also start treating those passwords as unimportant (worst-case scenario: someone's email gets read).
Another option: set up a VPN between your office and your servers and route all traffic over it. This requires a linux box in the office, but the cost of setting one up is low and the benefits are great.
Don't forget you're just as likely to be sniffed on your local subnet as you are in the colo facility.
Perhaps more likely, if your colo has proper subnets.
As for FTP, I recommend setting up FTP over SSH2 (using SecureFX) or an SFTP client. Either method requires a special client, so you'll have to kiss WS_FTP goodbye. Is it worth it? Only if you don't want to post a GFY thread entitled "We got hacked!"
Staying secure is a matter of staying current; slashdorque will have an item for almost all the vulnerabilities you'll encounter.
Good luck, Buran
__________________
[this signature intentionally left blank]
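As an added example (not part of Buran's post), here is a small Python check for the first point above: whether an sshd_config still offers SSH protocol 1. It follows the sshd_config parsing rules (keywords are case-insensitive, the first occurrence of a keyword wins, lines starting with `#` are comments); the `default="2,1"` fallback for a missing `Protocol` line is an assumption about older OpenSSH builds and should be set to match the server's version.

```python
"""Check an sshd_config for legacy SSH protocol 1 (added example)."""
import re


def ssh_protocols(config_text, default="2,1"):
    """Return the set of SSH protocol versions sshd would offer.

    Mirrors sshd_config rules: keywords are case-insensitive, keyword and
    value are separated by whitespace or '=', lines beginning with '#' are
    comments, and the first occurrence of a keyword wins.
    The default used when no Protocol line exists is an assumption about
    older OpenSSH releases; pass the right value for your version.
    """
    value = default
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z]+)\s*(?:=|\s)\s*(.+)$", line)
        if m and m.group(1).lower() == "protocol":
            value = m.group(2)
            break  # first occurrence wins
    return {v.strip() for v in value.split(",") if v.strip()}


def allows_ssh1(config_text, default="2,1"):
    """True if the server would still negotiate SSH protocol 1."""
    return "1" in ssh_protocols(config_text, default)


# Constructed sample configs for illustration.
WEAK_CONFIG = """\
# Both protocol versions enabled
Port 22
Protocol 2,1
PermitRootLogin no
"""

FIXED_CONFIG = """\
Port 22
Protocol 2
# A later Protocol line is ignored because the first one wins
Protocol 2,1
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, "offers SSH1" if allows_ssh1(cfg) else "SSH2 only")
```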