Any hackers here?
I'm curious - I'm just setting up a new home server and wondering how secure it is.
So... if you fancy a challenge, see if you can view and/or create files on obdwww.egyptus.co.uk.
There's a sneak preview DVD of the Xmas Special available if you can do it (and tell me how you did it).
Post edited by NickH on
Comments
I'll give it a bash
(I promised the wife I'd quit hacking when we got married and started a family)
I've never kept up with the lingo - I always thought crackers hacked the protection off of software.
What's the difference?
Crackers are served with cheese
Hackers are the same but have a layer of crumbs and dust that you accidentally breathe in when eating, and nearly choke, (aka Rice Crispies Lung).
AFAIK (by some definitions) a cracker does 'evil' things while a hacker is 'good'. So while both may break into a server, the hacker will leave everything untouched, and probably a message for the admin, telling him that his server is unsecure and the steps required to secure it. The cracker will steal information and/or destroy files (and nowadays he will probably plant a phishing site or something worse).
By other definitions, a hacker is a 100% legal guy, who doesn't break into any server, but does constructive things instead (so in a way, coders are considered hackers).
More here:
http://en.wikipedia.org/wiki/Hacker_culture
hackers see how things work and how to change stuff.
crackers crack things
so there can be an overlap between types tbh
There was a time when both words coexisted without any confusion. But because the media can't be bothered with the technicalities, we are losing vocabulary.
;-)
RUBBERKEYS!!!!
you're wanted
I would have said get outside your own firewall and use nmap or what is currently flavour of the month.
As a third party I'd want written/signed/witnessed statements - and then there is still the possibility of prosecution - (also prosecution under the new all encompassing anti terrorist laws) - simply for having the tools to do a legitimate job.
However you can get yourself a report by running shields up.
From behind your firewall go to here:
https://www.grc.com/x/ne.dll?bh0bkyd2
Do the full port scan.
It should let you know any vulnerabilities.
Fully patch your server.
Run your server in an amber zone separate from your home network (green zone).
Be careful around any forms on your sites; these are what people tend to go for to exploit your server, to send spam mostly.
Ta for the link!
you can set your router/server not to respond to pings. Also set your own server error pages.
set up a good .htaccess.txt file to restrict access to folders.
Ta for letting me know - it's an up-to-date Xubuntu box. As for passwords... well, it's a long one :) This machine is the only machine on my network that is public-facing, and even then that's behind a separate firewall/router.
that's a good point actually, I shall have to remember that when I set up my new server and set a nice strong password
I didn't mention the root account :)
Ubuntu server rather sensibly imo has the root account disabled by default and makes you create a new user who can use sudo during the installation
public key authentication is a pain, I can carry my username and password in my brain wherever I go.
Not perfect, but I'm quite proud that I've found out how to do that.
An alternative method (which I use myself when I'm away for work) is to block remote access completely apart from known addresses, and add a username/password protected (.htaccess) script to your website that does nothing else but open the SSH port in the firewall for the address that accessed the script for a while.
You still have the regular SSH credentials, but you need a second layer (that script) to poke a temporary hole in the firewall.
Oooh, now that's a cunning idea... but then again we're heading in the direction of port-knocking, and that's a bit overkill for my server :)
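The temporary-firewall-hole script described in the comments above, sketched as an added example that is not part of the original thread or any poster's own code. It assumes an iptables firewall, sshd on port 22, a 10-minute window, a web server that enforces the .htaccess login before the script runs, a ruleset that already accepts established connections, and that the script is permitted to change firewall rules; all names are hypothetical.

```python
#!/usr/bin/env python3
"""CGI sketch: allow SSH from the caller's address for a limited time."""
import ipaddress
import os
import subprocess

SSH_PORT = 22        # assumption: sshd listens on the default port
OPEN_SECONDS = 600   # assumption: how long the hole stays open


def rule_args(action, addr):
    """iptables arguments to insert (-I) or delete (-D) the allow rule."""
    return ["iptables", action, "INPUT", "-s", addr, "-p", "tcp",
            "--dport", str(SSH_PORT), "-j", "ACCEPT"]


def plan(remote_addr):
    """Validate the address reported by the web server.

    Returns (open_cmd, close_cmd) as argument lists. Raises ValueError for
    anything that is not one IPv4 address, so a malformed value never
    reaches a command line. Behind a reverse proxy REMOTE_ADDR would be
    the proxy's address, which this sketch does not handle.
    """
    ip = ipaddress.ip_address(remote_addr.strip())
    if ip.version != 4:
        raise ValueError("only IPv4 is handled by this iptables rule")
    addr = str(ip)
    return rule_args("-I", addr), rule_args("-D", addr)


def main():
    try:
        open_cmd, close_cmd = plan(os.environ.get("REMOTE_ADDR", ""))
    except ValueError as exc:
        print("Status: 400 Bad Request\nContent-Type: text/plain\n\n%s" % exc)
        return
    subprocess.run(open_cmd, check=True)   # argument list, no shell parsing
    # Detached helper removes the rule after the window; the command is
    # passed as positional parameters, never interpolated into the script.
    subprocess.Popen(["sh", "-c", 'sleep "$1"; shift; exec "$@"', "sh",
                      str(OPEN_SECONDS)] + close_cmd, start_new_session=True)
    print("Content-Type: text/plain\n\nSSH open for %s for %d s"
          % (open_cmd[4], OPEN_SECONDS))


if __name__ == "__main__":
    main()
```

The rule only admits new connections; the regular SSH credentials still apply, and sessions already open survive the rule's removal only because of the assumed established-connections rule.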