You say you don't listen, but I want you to listen because maybe you don't care what happens to you, but I don't want your carelessness to affect me! I'm dead serious about that. Maybe the data is backed up and isn't sensitive. That's still a computer you have there and it's obviously hooked up to the net. If a cracker sees this, he or she is going to know that you don't care about security and I'm willing to bet that you have plenty of other security holes on this box. Now, here's a quote from a friend of mine that I've included in my CGI course:

[A friend] found I had been running the server for a few months, and asked what kind of security I was running. I chuckled and told him there was no need, since the computer had no valuable information on it.

He gave me a funny look, and he started port-scanning my machine. As you would expect, just about everything was open. As we looked further and further into it, things started looking bad. There was evidence that someone else had been in my system.

The clincher came when we found a SQL server database of news groups on my server. Chances are I was used to spam these news groups.

The person quoted above was apparently used to spam newsgroups. That's pretty annoying. It would have been more annoying to find out that his box was a slave participating in DDOS attacks.

I strongly urge you to read through my course. It's not the best you'll find, but it's fairly decent and it will give you some background information that you need. I don't mean to sound harsh, but this is pretty serious and I don't want to kid around about it.

I'm sick of klez.

I'm sick of DDOS attacks.

I'm sick of Sub Seven.

I'm sick of all of those irritating and costly security issues caused by people thinking "the data's backed up and isn't sensitive so I don't need to worry about security". At the very least, if you truly believe that there's nothing wrong with your point of view, please don't advertise it. A lot of animals are silent in the jungle for a very good reason.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.


In reply to Quiet in the jungle by Ovid
in thread [untitled node, ID 182637] by Samn
