
Re: [vps-mail] Packet filter



Godwin, 

I have to tell you (and purposely share with all here) something that
happened to me last year. For some reason I needed to go to
"domainname.fr", something to do with a customer of ours. I went to
the address and it translated (due to stupid config error, very common
here) in the browser window to nnn.nnn.nnn.nnn/something/yada/

Long story short, I went to the ip root dir and was treated to a
listing of their (obviously Windows) root directory. So I tried the
well-known exploits (running the dir.exe cmd) and they worked. I
looked at /customer/accounts/ and was able to see order histories,
etc. I emailed these people three times about how messed up the server
was and that it was probably compromised trojan anyway. No answer. I
tried to phone and got nowhere.

My point is that there are people, especially in corporate and
business situations, who are SO CLUELESS that they don't even realize
their entire network is lying down in front of the world with its legs
spread wide apart.

I really would like to see some kind of capture procedure where after
a certain number of bad ssh tries in a certain period of time, we were
able to wrestle these servers to the ground and pin them to the mat.

We don't really want to filter Charlie Root's emails so we don't see
all the ssh attempts, right? Otherwise, what is the point of having
these reports at all? So, yes, it is something for which we should be
finding a solution, IMO.
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

