On Tue, 21 Sep 2004 12:47:51 +0100, Tim Green timothy.j.green@gmail.com was rumoured to have said:
> On Tue, 21 Sep 2004 11:40:21 +0100, Chris Green chris@areti.co.uk wrote:
>> In the real world how vulnerable will these two be? Will I get incessant hacking at the open SSH port on the ipCop box trying to guess the password or will it just be the occasional port scan? Assuming the password is secure enough (i.e. unguessable enough and not published on the internet somewhere) will I be basically OK?
>
> Just looking back in auth.log, I can see "61.166.6.60" in China tried to guess my root password 3 times at 23:43 last night and again at 06:58 this morning. Last week there were 8 attempts from Germany, Korea and China.

I've been seeing a lot of these lately, mostly from Asian countries. The attacking hosts are probably victims themselves, as nearly all of the ones I connected back to ran a variant of openssh 3.4p1, which has been known to be vulnerable for more than a year (CA-2003-24)! The attackers seem to be trying to compromise other ssh servers. I usually see them try to log in as test, admin, guest and root before they give up.

>> I may be able to limit the SSH access in particular to only certain client IP addresses but I want the IMAP to be accessible from anywhere. The IMAP server will probably only have two or three accounts on it and I will have control over passwords (though not where they're kept maybe).
>
> I think you'll only frustrate yourself if you cannot SSH from anywhere.

>> Does anyone here have any experience of how vulnerable in reality such systems are? I'm not after Fort Knox, I just want things to be reasonably safe.
>
> Especially since you want to access IMAP from anywhere, at least do it over a secure connection (ssh or ssl) so that you don't broadcast your password and email messages in the clear.

Agreed. I use uw-imapd-ssl, which also allows me to access my mh folders and not just $MAIL. An essential feature if your email account is completely unusable without a trained spam filter and a whole lot of other procmail recipes, like mine is :(

> Good luck! Tim.

rgds, /-sb.
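
Added example, not part of the original thread: one way to pull the password-guessing runs described above out of auth.log and group them by source address. The log line format, the `summarize` helper and the sample lines are assumptions constructed for illustration; the match is anchored at the end of the line so a username containing its own "from ... port ..." text cannot shift the blame to another address.

```python
import re
from collections import defaultdict

# OpenSSH "Failed password" lines (format assumed, not quoted from the thread).
# Older releases log "illegal user", newer ones "invalid user". The greedy
# user group plus the end-of-line anchor makes the LAST "from <ip> port <n>"
# win, because the username is attacker-controlled text.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = """\
Sep 20 23:43:02 gw sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Sep 20 23:43:05 gw sshd[2103]: Failed password for illegal user admin from 192.0.2.10 port 40118 ssh2
Sep 20 23:43:08 gw sshd[2105]: Failed password for invalid user guest from 192.0.2.10 port 40125 ssh2
Sep 20 23:43:11 gw sshd[2107]: Failed password for root from 192.0.2.10 port 40131 ssh2
Sep 20 23:43:14 gw sshd[2109]: Failed password for invalid user x from 203.0.113.5 port 22 ssh2 from 192.0.2.10 port 40140 ssh2
Sep 21 06:58:40 gw sshd[2290]: Failed password for root from 198.51.100.7 port 51522 ssh2
Sep 21 09:02:13 gw sshd[2311]: Accepted password for chris from 203.0.113.5 port 33100 ssh2
"""

def summarize(log_text, threshold=3):
    """Return {ip: {"attempts": n, "users": [...]}} for sources with at
    least `threshold` failed password attempts."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user"))
    return {
        ip: {"attempts": s["attempts"], "users": sorted(s["users"])}
        for ip, s in stats.items()
        if s["attempts"] >= threshold
    }

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["attempts"], ", ".join(info["users"]))
```
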