On Sun, Jul 17, 2011 at 12:03:52AM +0100, Always Learning wrote:
If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard ports. Allocate a different IP address (if you have several) and use a non-web IP address for SSH and a different non-web IP address for phpmyadmin etc. WITH non-standard ports (you can go as high as about 64000). Also consider ONLY allowing access from predefined static IP addresses (under your control). Do not make it easy for the hackers.
The reality of the situation is that attacks are in almost all cases non-targeted and are the results of automated scanning; playing security through obscurity tricks with IP addresses is as futile as attempting to herd kittens.
You should not be running ftp at all; ftp should be allowed to die off as it's insecure just as is any protocol that transits credentials on the wire in plaintext. ftps is better; sftp/scp/rsync is better still.
phpmyadmin is a recipe for tears of blood; moving ports is better than leaving it on 80/tcp, but better would be to not run it at all on a routable IP.
In the cases of a targeted attack the attacker(s) will find your services no matter what ports you have them hanging off of.
And TCP port numbers range from 0 to 65535.
John