Lord Sauron wrote:
Sorry to be a bit elementary, but if you're not colocating your box, and you don't often use SSH, you might want to consider disabling remote administrative things.
Of course - disable everything that you don't need. ESPECIALLY if it is reachable over the network.
All your Windoze "friend" will try to do is exploit MySQL to pop a DOS shell into your system.
How do you know?
If you can't disable SSH for some reason, then limit MySQL access to localhost only.
I'd even suggest making MySQL "skip-networking". If that's set in my.cnf, MySQL won't be available via TCP over a network and can only be reached over a Unix socket. Maybe that's what you meant, but I just felt like adding that :)
If you can, what I'd do is try and get the guy's MAC Address or something and then totally block that off.
How should *THAT* help? In 99.9999999999999999999999999999999% of the times, the attacker won't be on the same subnet, and thus the MAC isn't available. You can try to block me, my MAC will be either 00:12:17:D4:21:D4 or 00:12:17:D4:21:D2. Just tell me, where you blocked me using my MAC and I'll see if I can still access.

Alexander Skwar
--
"But this one goes to eleven."
                -- Nigel Tufnel
--
gentoo-user@gentoo.org mailing list
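Added example, not part of the original thread: a small audit helper that reads a my.cnf and reports whether the server is socket-only (`skip-networking`), bound to localhost, or reachable over the network. The function name `classify_mysql_exposure` is hypothetical; it assumes only the `[mysqld]` group matters, does not follow `!include` directives, and treats a missing `bind-address` as exposed because the server then listens on all interfaces.

```shell
#!/bin/sh
# classify_mysql_exposure FILE  (hypothetical helper, added example)
# Prints one of: socket-only, localhost-only, network-exposed
classify_mysql_exposure() {
    awk '
        # Trim whitespace and drop trailing "# ..." comments.
        {
            sub(/^[ \t]+/, "")
            sub(/[ \t]+#.*$/, "")
            sub(/[ \t\r]+$/, "")
        }
        /^[#;]/ || /^$/ { next }                 # comment or blank line
        /^\[/ { in_mysqld = (tolower($0) == "[mysqld]"); next }
        !in_mysqld { next }                      # ignore [client], [mysql], ...
        {
            key = $0; val = ""
            eq = index($0, "=")
            if (eq) { key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
            gsub(/[ \t]/, "", key); gsub(/[ \t"]/, "", val)
            gsub(/_/, "-", key)                  # skip_networking == skip-networking
            key = tolower(key); val = tolower(val)
            if (key == "skip-networking")
                skip = (val == "" || val == "1" || val == "on" || val == "true")
            else if (key == "bind-address")
                bind = val
        }
        END {
            if (skip)
                print "socket-only"              # no TCP listener at all
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost")
                print "localhost-only"           # TCP, but loopback only
            else
                print "network-exposed"          # unset or non-loopback address
        }
    ' "$1"
}

# Constructed sample config (not taken from the thread).
sample=$(mktemp)
printf '[client]\nport = 3306\n[mysqld]\nskip-networking\n' > "$sample"
classify_mysql_exposure "$sample"
rm -f "$sample"
```

Confirm the result on the running host by listing listening TCP sockets, since a later option file or a command-line flag can override what this one file says.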