Collaborative Computational Project Number 14

for Single Crystal and Powder Diffraction

CCP14

Server Security Information

Why bother with Computer System Security and Securing Web Servers?

The CCP14 Homepage is at http://www.ccp14.ac.uk

Q: Why bother trying to keep up to date with patches, etc., for securing a server visible on the internet?

A: Because otherwise the odds are that a script kiddie hacker will easily discover exploits in your server. You will then come in one morning and see something like the following instead of your real web page (or experience the fun of recovering from a hacker-erased hard disk):


  • "Lion Internet Worm" DDOS Targeting Unix Systems
    • At http://www.nipc.gov/warnings/advisories/2001/01-005.htm
    • Lion Find: http://www.sans.org/y2k/lion.htm
    • Highly destructive Linux worm mutating: http://www.theregister.co.uk/content/8/17929.html
    • "This one includes a feature similar to one in the Ramen worm, which altered the Web pages of hacked HTTP servers with the message "Hackers looooooooooooove noodles," signed by the "RameN Crew."
      The new Lion worm sets up an HTTP server on port 27374 and erects a page bearing greetz from the Lion crew, Fearnow told us.
      All versions (there are three now) are virtually idiot proof, fire-and-forget tools. Each package contains a scanner which generates random class B addresses searching for an opening on port 53. It then queries the version, and if it finds it's vulnerable, runs a well-known BIND 8 transaction signature (TSIG) handling code exploit, and installs the t0rn rootkit."
    • "We were hasty this week in our initial coverage, where we took a swipe at the FBI's National Infrastructure Protection Center (NIPC) over a Lion advisory bulletin of theirs which we deemed alarmist."
    • "So the NIPC bulletin is a bit gaseous, but not as grossly flatulent as we'd thought."

  • FBI hacker sleuths hint at power-grid disaster
    • At http://www.theregister.co.uk/content/archive/15538.html
    • "The network in question was stupidly configured for anonymous FTP login with read and write privileges, pretty much a welcome mat for anyone in cyberspace to post and retrieve files as they please. Naturally some kids set up a game, with which they managed to gobble up most of the network bandwidth.
      The incident occurred because hopelessly incompetent network administrators essentially left the door open, the lights on, and set out milk and cookies for their anonymous guests. Technically speaking, they left the writable FTP directory and its sub-directories owned by the FTP account rather than by root, which would have reserved write privileges to the network admins."
    • ""Hacked" it most certainly was not. Trespassing is about the worst offence one could claim here; but with no access control whatsoever in place, there isn't, therefore, any digital "No Trespassing" sign in evidence, and one might argue that they had no reason to believe that the owner didn't intend to make his FTP account available for public use."
    • Redhat worm touts instant noodles ('Ramen' worm): http://www.theregister.co.uk/content/archive/16168.html
    • Hacking Linux BIND servers becomes child's play: http://www.theregister.co.uk/content/8/17864.html
    • BIND holes mean big trouble on the Net: http://www.theregister.co.uk/content/6/16454.html


If you have any queries or comments, please feel free to contact the CCP14