kenny

Somebody showed me how they could connect by public FTP to a server download a password file and crack it with a DOS program. They told me this wasnt nothing compared to what some people can do with a shell or the people that can find security flaws in a script and hack thourgh it by a form on the website.
Is it true can anyone that knows their shit can hack anything?

The Machine

but of course.

Snazzy

Nothing is 100% secure....

__________________
Snazzy
<font size="1">
SnazzyTGP.com Visit this site now or I'll kill you</font>

EscortBiz

nothing is secure in these days

__________________

Spanking, Medical Fetish, Sleeping, Strap-on Anal Lesbians, Girls Fucking Guys, Handjob site REAL HOT, Shemales, Anal and Ass Licking sites 100% Real EXCLUSIVE with amazing retention, ccbill payouts, lots of content FREE FTP HOSTING

Promote the largest and oldest member paid escort site, Converts 10 times better then any dating site, CCBill payouts

ICQ# 158802076

kenny

I dont understand why they would do it, what advantages can one obtain by taking over someone else's server

fnet

Check out <a href="http://www.atstake.com/">@stake</a> if you really wanna scare yourself. (Biz end of cult of the dead cow.)

__________________
the sound of one hand googlewhacking

faytl

It's really not that hard to secure a server reasonably. You should do your best to have your own dedicated machine, close off everything that you don't need in inetd (or turn off inetd completely). If you have apache, then you have port 80 open for webpages, thats fine. If you have ftp, like proftpd that opens port 21, make sure that you turn off anonymous logins, and even then limit users to their own home directory as root. Use SSH, not something like telnet, etc, if your really paranoid only allow SSH connections from your IP. Any user account you add, restrict it to only what they need (preferrably not SSH (take away their shell)) only allow them access to ftp, the list goes on but it's all common sense really. Restrict those who aren't you to the bare minimum they need, keep strong passwords (esp. root), close all ports that you don't have a use for, and keep up to date on exploits for services your running...

pipp

As long as data is being transffered bethwen two places. It will never be 100% secure.

bunky

nothing is secure, look at the preist they are so holy but even that was 'penetrated'


bunky

__________________
BoneProne 4 Life - BoneProne Family [insert title here]

primo DM

yes, kenny that is perfectly true and a very simple thing to do, and no server is secure, look at microsoft in the last year, or all the .gov's that have been hacked. i think there was some 30,000+ boxs hacked in 2001, just a little something to think about.

if you want some help securing your box hit me on icq 82667356, and ill tell you a few things that i know that may help.

__________________
This Space for Rent. CF4L!

eXperienZ

If you want to find out what boxes that are hacked when, you
can check this site:
Zone-H.Org