I want to know if I should be worried about being targeted for hacking. I've just installed an Apache server and a firewall, so I have no basis of comparison. I've recorded 108 individual hits on my Apache web server in the past 5 hours pm [ports 1025, 1026, 8875, 3274]. I have a domain name but have not registered with any search engines. The hits are coming from Taiwan, Korea, China, Germany, and France. I have an old box I'm running a Smoothwall firewall on, which seems to be doing OK, but I was wondering if this is an unusual number of hits.
As you probably already know, you can get everything from the logs access.log and error.log in the Apache log directory. If you see any reference to cmd.exe or any other stuff relating to MS, they are most probably worms floating around the net targeted at MS IIS servers; you can just ignore them, or if the IPs are repetitive you can just block them. Watch out for the Slapper Worm if you are using SSL, and other *NIX+Apache worms still dwelling on the net. Make sure you are running the latest stable Apache webserver, or you've applied all the security-related patches for your current Apache webserver, and that you have the latest openssl package installed if you're using Apache+mod_ssl. Happy linuxing!
P.S. If you are using any DBs, make sure that their versions are up to date with all security patches and configuration applied. Also, if you are using PHP, make sure it is configured properly and there are no config files sitting around wide open for easy access. Read up on the Security Weekly updates posted by unSpawn every week for the latest info on the Linux security front. I included no links due to the high volume of them, but if you search here you'll find all the info you need to keep your penguin in a cool place, without sharks threatening his life.
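The log check described in the reply above, as an added example that is not part of the original thread: it scans Apache access-log lines for requests naming `cmd.exe`, counts them per source IP, and lists the IPs that repeat. The log lines, the IP addresses, the function name `triage`, the threshold, and the extra patterns `root.exe` and `default.ida` (other IIS-only files such worms request) are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2003:14:02:11 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
203.0.113.7 - - [12/Mar/2003:14:02:12 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 282
203.0.113.7 - - [12/Mar/2003:14:02:13 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.23 - - [12/Mar/2003:14:05:40 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 275
192.0.2.10 - - [12/Mar/2003:14:06:01 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [12/Mar/2003:14:06:02 +0000] "GET /images/logo.png HTTP/1.1" 200 5120
this line is truncated garbage
"""

# client ident user [timestamp] "request line" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
# cmd.exe is the marker named in the thread; the other two are added here.
IIS_PROBE_RE = re.compile(r"cmd\.exe|root\.exe|default\.ida", re.IGNORECASE)


def triage(log_text, repeat_threshold=3):
    """Count IIS-targeted probes per IP and pick out repeat sources."""
    probes = Counter()
    served = []    # probes answered with 2xx: these deserve a closer look
    unparsed = 0   # lines that do not match the log format at all
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1
            continue
        if IIS_PROBE_RE.search(m["request"]):
            probes[m["ip"]] += 1
            if m["status"].startswith("2"):
                served.append(line)
    repeat = sorted(ip for ip, n in probes.items() if n >= repeat_threshold)
    return {"probes": dict(probes), "repeat_ips": repeat,
            "served": served, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, n in sorted(report["probes"].items()):
        print(f"{ip}: {n} IIS-targeted request(s)")
    print("candidates for a firewall block:", report["repeat_ips"])
    print("probes that got a 2xx answer:", len(report["served"]))
```

On an Apache host these requests should all come back 404; an entry in `served` means the server returned content for a path it should not have and is worth investigating before anything else.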
Ah, don't worry about it. I like laughing at the FTP and SSH server log files I have. I've seen a few from Microsoft trying to log in as root or something on my FTP server and SSH, many from Japan... but that many hits, nothing to worry about really. Mine isn't even set up with an actual name; they have to type my IP address to get to mine. I think I had about 30 to 50 hits about an hour or so after I had mine up with just SSH and FTP services running on it.
But it's good to always be cautious, though. Just keep good security in mind and you should be OK. Always keep updated and always look out for anything fishy; if you're not sure about something, take it off the network until you know for sure.