[CentOS] firefox: annoyance
Always Learning
centos at u62.u22.net
Sat Sep 27 03:38:17 UTC 2014
Hi Valeri,
> On Fri, September 26, 2014 8:32 pm, Always Learning wrote:
> > Don't use cgi. Have no /cgi directory. Don't load mod_cgi
> >
> > Bash is patched (updated to new version). Automatically bloke IPs of
> > anyone trying to hack Apache. Am I safe ?
> You are. But if you run the server you do want to serve what you want to
> serve. Now, imagine hotel, everybody in it is behind a single router. One
> person has hacked machine that tried to tap into your server. You block
> the IP, therefore everyone in Hotel... Now do you want to serve it? If not
> why to start Apache at all? However, my case is different. If servers of
> our Departments don't serve anything [we need] to everybody, they do not
> need me, sysadmin, desktop support guy will be more suitable (and probably
> less expensive).
If a hacker, always using someone else's compromised computer, attempts
to break-in, their IP is blocked for all traffic within about 1 second.
Yes that means one hacked computer's IP address is blocked for mail and
web. I decline to let the hacker have repeated attempts to hack into, or
abuse, any of my web sites.
If there are only a few access attempts after the IP address is blocked,
the ban will expire monthly. If there are very many attempts, then the
ban will expire about 3 weeks after the attempts stop.
If this inconvenience's an innocent web user, I have neither ability to
detect the inconvenience nor to determine the user's innocence. I
understand your hotel analogue. In England many hotel guests use their
mobile phones or tablets - not on wifi but on direct radio (mobile
telephone) links; each link having a distinctive IP address.
If the web hacker is operating through a data centre, then I permanently
block, for port 80, the whole of the data centre's known IP block.
The alternative is to be a willing victim.
Best regards,
Paul
England - the USA's government's pet European poodle.
More information about the CentOS
mailing list