On Sat, 2011-07-16 at 19:03 -0500, John R. Dennison wrote:

> The reality of the situation is that attacks are in almost all cases
> non-targeted and are the results of automated scanning; playing security
> through obscurity tricks with IP addresses is as futile as attempting to
> herd kittens.

In reality the hackers never, in my experience, scan the entire port range of every IP address. They tend to choose the most likely ports, as my daily Logwatch reports continue to show (iptables logs attempts before dropping them).

> You should not be running ftp at all; ftp should be allowed to die off
> as it's insecure just as is any protocol that transits credentials on
> the wire in plaintext. ftps is better; sftp/scp/rsync is better still.

Thanks for the tip. Access is restricted to 3 IPs. I'll investigate SFTP, SCP and Rsync.

> phpmyadmin is a recipe for tears of blood; moving ports is better than
> leaving it on 80/tcp, but better would be to not run it at all on a
> routable IP.

It can be accessed only from 3 static IPs using https on a non-standard port and it is never in the same file hierarchy as web pages. Web pages are in their own 'root' structure and not in /var. Nothing private or sensitive can be accessed by http.

> In the cases of a targeted attack the attacker(s) will find your
> services no matter what ports you have them hanging off of.

True. So far no one has bothered to target me, except for the annoying email spammers who never get past the defences.

> And TCP port numbers range from 0 to 65535.

256^2

--
With best regards,
Paul.
England, EU.