[CentOS] firefox: annoyance

Sat Sep 27 03:38:17 UTC 2014
Always Learning <centos at u62.u22.net>

Hi Valeri,

> On Fri, September 26, 2014 8:32 pm, Always Learning wrote:

> > Don't use cgi. Have no /cgi directory. Don't load mod_cgi
> >
> > Bash is patched (updated to new version).  Automatically block IPs of
> > anyone trying to hack Apache. Am I safe?

> You are. But if you run the server you do want to serve what you want to
> serve. Now, imagine a hotel, everybody in it is behind a single router. One
> person has a hacked machine that tried to tap into your server. You block
> the IP, therefore everyone in the hotel... Now do you want to serve it? If not
> why start Apache at all? However, my case is different. If servers of
> our Departments don't serve anything [we need] to everybody, they do not
> need me, a sysadmin; a desktop support guy will be more suitable (and probably
> less expensive).

If a hacker, always using someone else's compromised computer, attempts
to break in, their IP is blocked for all traffic within about 1 second.

Yes that means one hacked computer's IP address is blocked for mail and
web. I decline to let the hacker have repeated attempts to hack into, or
abuse, any of my web sites.

If there are only a few access attempts after the IP address is blocked,
the ban will expire monthly. If there are very many attempts, then the
ban will expire about 3 weeks after the attempts stop.

If this inconveniences an innocent web user, I have neither the ability to
detect the inconvenience nor to determine the user's innocence. I
understand your hotel analogue. In England many hotel guests use their
mobile phones or tablets - not on wifi but on direct radio (mobile
telephone) links; each link having a distinctive IP address.

If the web hacker is operating through a data centre, then I permanently
block, for port 80, the whole of the data centre's known IP block.

The alternative is to be a willing victim.

Best regards,

Paul
England - the USA's government's pet European poodle.
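
The ban policy described in the message above, sketched as an added example (not part of the original post and not the poster's own tooling). The threshold for "a few", the reading of "monthly" as 30 days, the `BanList` name and the documentation-range addresses are all assumptions made for illustration.

```python
from datetime import timedelta
from ipaddress import ip_address, ip_network

# Assumed values: the message gives no exact figures for "a few" or "monthly".
FEW_ATTEMPTS = 10                  # assumption: up to this many post-ban hits is "a few"
SHORT_BAN = timedelta(days=30)     # assumption: "monthly" read as 30 days from the ban
QUIET_PERIOD = timedelta(weeks=3)  # "about 3 weeks after the attempts stop"


class BanList:
    """Hypothetical model of the ban policy; names are illustrative."""

    def __init__(self, datacentre_nets=()):
        self.bans = {}  # ip -> [banned_at, hits_after_ban, last_hit]
        self.dc_nets = [ip_network(n) for n in datacentre_nets]

    def record_attempt(self, ip, when):
        """First attempt creates the ban; later attempts are counted against it."""
        ban = self.bans.get(ip)
        if ban is None or when >= self.expires(ip):
            self.bans[ip] = [when, 0, when]
        else:
            ban[1] += 1
            ban[2] = when

    def expires(self, ip):
        banned_at, hits, last_hit = self.bans[ip]
        if hits <= FEW_ATTEMPTS:
            return banned_at + SHORT_BAN
        # Assumption: a persistent source never gets a shorter ban than a quiet one.
        return max(banned_at + SHORT_BAN, last_hit + QUIET_PERIOD)

    def is_blocked(self, ip, port, when):
        """Data-centre ranges: port 80 only, permanent. Banned IPs: all ports."""
        addr = ip_address(ip)
        if port == 80 and any(addr in net for net in self.dc_nets):
            return True
        return ip in self.bans and when < self.expires(ip)
```

Because a ban keys on the source address alone, every client behind the same NAT address shares the ban, which is the hotel case raised in the quoted reply.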