On Sun, 17 Jul 2011, Always Learning wrote:
> If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard ports. Allocate a different IP address (if you have several) and use a non-web IP address for SSH and a different non-web IP address for phpmyadmin etc. WITH non-standard ports (you can go as high as about 64000). Also consider ONLY allowing access from predefined static IP addresses (under your control). Do not make it easy for the hackers. Give them a difficult time.
Running on non-default ports (especially high-numbered ports) always strikes me as the wrong way of doing things. You've come out of the admin shelter of low ports meaning you're now vulnerable to local attacks - if I can make ftp (one of your examples) crash, I can potentially steal its port and run my own ftp server, stealing everyone's password if I have a local account. At the same time, you're still vulnerable to plenty of scanning attacks.
If you want accessible services to be accessible, I say make them accessible, and secure that service as much as you reasonably can.
If you want to restrict access to make it more secure, put them behind a VPN or other protection. That way you *really* get the security benefit that you wanted in the first place.
jh
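
The privileged-port point in the reply above, as an added example that is not part of the original message: a Python audit that parses the Linux `/proc/net/tcp` table and lists listeners on ports at or above 1024, which any local account could bind if the daemon stopped. The sample table is constructed, and the 1024 limit and little-endian address decoding are assumptions about the host.

```python
import socket
import struct

PRIV_PORT_LIMIT = 1024  # assumed Linux default: binding below this needs root
TCP_LISTEN = "0A"       # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:F230 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 20 4 30 10 -1
"""


def parse_listeners(text):
    """Yield (ip, port, uid) for every TCP socket in LISTEN state."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue                            # not a listening socket
        addr_hex, port_hex = fields[1].split(":")
        # Address is a host-order u32 printed as hex; little-endian host assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        yield ip, int(port_hex, 16), int(fields[7])


def exposed_listeners(text, limit=PRIV_PORT_LIMIT):
    """Listeners on ports >= limit: no root needed to rebind them."""
    return [(ip, port, uid) for ip, port, uid in parse_listeners(text)
            if port >= limit]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:       # live table on a Linux host
            data = fh.read()
    except OSError:
        data = SAMPLE                           # fall back to the sample
    for ip, port, uid in exposed_listeners(data):
        print(f"{ip}:{port} uid={uid} listens on an unprivileged port")
```
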