[pmwiki-devel] Slightly OT: Experiences protecting server against attacks
pmwiki at 911networks.com
pmwiki at 911networks.com
Thu Mar 27 09:35:08 CDT 2008
On Thu, 27 Mar 2008 11:54:55 +0100 (CET)
"ThomasP" <pmwiki at sigproc.de> wrote:
> after a recent break-in into my server I'm wondering how I can
> better protect my "machine" (a virtual server actually) against
> this happening again.
Sorry to hear about that. If this is not the first time, it means
that "your setup" is "not right".
A. You haven't told us what's your setup.
B. You haven't told us how they broke in.
1. The OS must be properly configured either MS, Linux or BSDs, and
yes they can be configured to be very secured.
2. For Pmwiki take a look at:
http://www.pmwiki.org/wiki/PmWiki/Security as a starting point.
> At this opportunity the idea of having a centralized blacklist
> server for attacking IPs (similar to the spam blacklists, but
> also with their disadvantages) came once again to my mind. Would
> there be an interest/ does it make sense to have something like
> this realized?
Not really. A good server and good implementation MUST survive in
the wild by itself.
Actually, I doubt that it was 1 person that attacked you, unless
you have some personal enemies. It's much more likely that it was
a bot, and for those the IP addresses are useless, because they
infect other computers/IPs.
--
Thanks
http://www.sqlhacks.com
The SQL Server knowledge base
More information about the pmwiki-devel
mailing list