Re: Repeated attacks via SSH

2005-10-03 Thread Clemens Renner
Tod McQuillin wrote:
> What happens is that there are two kinds of messages from ssh in
> /var/log/auth.log. When an attacker tries a nonexistent user, you get
>
> Oct 2 13:00:03 plexi sshd[79194]: Illegal user bob from 83.142.49.11
>
> When an attacker tries an existing user, you get
>
> Oct

Re: Slightly OT: SSL certs - best practice?

2006-05-15 Thread Clemens Renner
Hi James, I would advise against using wildcard certificates. There certainly are situations where this might be adequate but I'm in favor of a single server certificate for each service that uses a different (virtual) host. Thus, I have created several certificates for Apache SSL hosts plus

Re: FreeBSD Security Survey

2006-05-22 Thread Clemens Renner
Finally, it only takes one security failure in the update process for someone undesirable to "own" all the FreeBSD machines that have been left in this default mode. Despite the best efforts of FreeBSD developers, FreeBSD will always contain bugs and some of them will be security holes. Any au

Re: FreeBSD Security Survey

2006-05-23 Thread Clemens Renner
> If you are using portupgrade, you can use /usr/local/etc/pkgtools.conf
>
> MAKE_ARGS = {
>   'databases/mysql41-*' => [
>     'WITH_CHARSET=latin2',
>     'WITH_XCHARSET=all',
>     'WITH_OPENSSL=yes',
>     'OVERWRITE_DB=no',
>   ],
> }
>
> AFTERINSTALL = {

Port scan from Apache?

2006-07-18 Thread Clemens Renner
Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I

Re: Port scan from Apache?

2006-07-18 Thread Clemens Renner
Hi Mike, thank you for your sympathy and your thorough comments. :) I had that specific feeling when I read the mail for the first time. I'll try reducing the keepalive time to get rid of further complaints. The question is: Why do the "port scans" still come in on their machine? Should I ad

Re: Port scan from Apache?

2006-07-19 Thread Clemens Renner
Oliver Fromme wrote:
> > I'll try
> > reducing the keepalive time to get rid of further complaints.
>
> Which means reducing the efficiency of your service for
> _all_ users just because _one_ firewall admin has no clue.
> I wouldn't do that.

In theory, you are right and it does sound like a

Re: Port scan from Apache?

2006-07-21 Thread Clemens Renner
Hi Nash, I'm not sure I really understand what you're up to. In any case, let me clarify that my whole intention was to get a better understanding of what had happened there. In the end, I don't want my server to produce alarms at other people's sites. I tried to find the cause of the problem on m